realtek

First submission: 2024-09-05 00:42:02    Last submission: 2024-09-05 00:46:02

File details

File type: Bourne-Again shell script, ASCII text executable
Mime type: text/x-shellscript
File size: 2.5 KB (2555 bytes)
MD5: 027e2a5aca8c00b9913e45fde1c1cbf6
SHA1: d3532e1f8a4b0a8cb47f0f21557052b3049f9d30
SHA256: 94f636eba9387e6ec626668e448d330d51618bd8833daa3c5dd7f24664e5e048

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 34/79 detections (VT report date: 2024-09-05 00:40:51)
Malware type (2): downloader, trojan
Threat type (3): medusa, shell, bash

URLs, FQDN and IP indicators (4)

URL                                    Host (FQDN/IP)       Date Added
hXXp://cnc.pr333.ggm.kr/realtek        cnc.pr333.ggm.kr     2024-09-05 00:46:04
hXXp://cnc.pr333.ggm.kr:8080/realtek   cnc.pr333.ggm.kr     2024-09-05 00:45:04
hXXp://154.216.17.167:8080/realtek     154.216.17.167       2024-09-05 00:43:07
hXXp://154.216.17.167/realtek          154.216.17.167       2024-09-05 00:42:02

Strings analysis - Possible IPs found (1)

154.216.17.167

Strings analysis - Possible URLs found (13)

http://154.216.17.167//zmap.mips;
http://154.216.17.167//zmap.mpsl;
http://154.216.17.167//zmap.i686;
http://154.216.17.167//zmap.arm6;
http://154.216.17.167//zmap.arm7;
http://154.216.17.167//zmap.arm5;
http://154.216.17.167//zmap.m68k;
http://154.216.17.167//zmap.arm;
http://154.216.17.167//zmap.x86;
http://154.216.17.167//zmap.arc;
http://154.216.17.167//zmap.sh4;
http://154.216.17.167//zmap.spc;
http://154.216.17.167//zmap.ppc;
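The thirteen URLs above follow the pattern typical of a multi-architecture IoT dropper: one host, one payload name (zmap), and a per-architecture suffix. The following Python is an added example, not part of the original report or of the analysed script. It takes the URL strings listed above as constructed input, extracts and defangs the host and URL indicators, maps each suffix to the CPU architecture it conventionally denotes (the suffix-to-architecture table is an assumption based on common dropper naming, not something the report states), and applies a simple heuristic for flagging a file as a multi-architecture dropper.

```python
import re
from collections import OrderedDict
from urllib.parse import urlsplit

# Constructed sample input: the 13 download URLs from the strings analysis
# above, reproduced one per line. This is not the body of the analysed
# script, only the URL strings the report extracted from it.
SAMPLE_STRINGS = """
http://154.216.17.167//zmap.mips;
http://154.216.17.167//zmap.mpsl;
http://154.216.17.167//zmap.i686;
http://154.216.17.167//zmap.arm6;
http://154.216.17.167//zmap.arm7;
http://154.216.17.167//zmap.arm5;
http://154.216.17.167//zmap.m68k;
http://154.216.17.167//zmap.arm;
http://154.216.17.167//zmap.x86;
http://154.216.17.167//zmap.arc;
http://154.216.17.167//zmap.sh4;
http://154.216.17.167//zmap.spc;
http://154.216.17.167//zmap.ppc;
"""

# A URL runs until whitespace, a shell separator or a quote character.
URL_RE = re.compile(r"""https?://[^\s;'"]+""")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumed mapping of common dropper filename suffixes to target architectures.
ARCH_HINTS = {
    "mips": "MIPS big-endian",
    "mpsl": "MIPS little-endian",
    "arm": "ARM (generic)",
    "arm5": "ARMv5",
    "arm6": "ARMv6",
    "arm7": "ARMv7",
    "x86": "x86 32-bit",
    "i686": "x86 32-bit (i686)",
    "m68k": "Motorola 68000",
    "sh4": "SuperH SH-4",
    "spc": "SPARC",
    "ppc": "PowerPC",
    "arc": "ARC",
}


def defang(url):
    """Rewrite scheme and host so the indicator is not clickable/resolvable."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    host = parts.netloc.replace(".", "[.]")
    return f"{scheme}://{host}{parts.path}"


def extract_iocs(text):
    """Return unique URLs, hosts and IPs plus a per-payload breakdown."""
    urls = list(OrderedDict.fromkeys(URL_RE.findall(text)))
    hosts = list(OrderedDict.fromkeys(urlsplit(u).netloc for u in urls))
    ips = sorted(set(IPV4_RE.findall(text)))
    payloads = []
    for url in urls:
        # Last path component is the payload name, e.g. "zmap.mips".
        name = urlsplit(url).path.rsplit("/", 1)[-1]
        prefix, _, suffix = name.rpartition(".")
        payloads.append({
            "url": url,
            "defanged": defang(url),
            "file": name,
            "family_prefix": prefix,
            "arch_tag": suffix,
            "arch": ARCH_HINTS.get(suffix, "unknown"),
        })
    return {"urls": urls, "hosts": hosts, "ips": ips, "payloads": payloads}


def looks_like_multiarch_dropper(iocs, min_archs=3):
    """Heuristic: one payload name fetched under several architecture tags."""
    prefixes = {p["family_prefix"] for p in iocs["payloads"]}
    archs = {p["arch_tag"] for p in iocs["payloads"] if p["arch"] != "unknown"}
    return len(iocs["hosts"]) >= 1 and len(prefixes) == 1 and len(archs) >= min_archs


if __name__ == "__main__":
    result = extract_iocs(SAMPLE_STRINGS)
    print("hosts:", result["hosts"], "ips:", result["ips"])
    for p in result["payloads"]:
        print(f"{p['defanged']:<45} {p['arch']}")
    print("multi-arch dropper:", looks_like_multiarch_dropper(result))
```

The heuristic is deliberately coarse: it only says that one binary name is being fetched for several architectures from the same infrastructure, which is the behaviour worth alerting on regardless of which family the payload belongs to. Feed it the raw `strings` output of a suspect script rather than the curated list used here, and review the `unknown` architecture tags by hand.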