DigitalSide Threat Intel

bot.mips

First submission 2024-10-13 22:13:02 Last sumbission 2024-10-13 23:14:02

File details

File type: ELF 32-bit MSB executable, MIPS, MIPS32 version 1 (SYSV), statically linked, Go BuildID=5J4icIyT4sKwzao_2bxO/xPVQ3qtbVkuAx4RU4fNG/KsNa10w6GyDIrb33Q0kg/vT_0kx1ZaOjg5HgG6O3H, with debug_info, not stripped
Mime type: application/x-executable
File size: 8075.12 KB (8268918 bytes)
MD5: 0345621f687e8ee6dfcfabe2785defb5
SHA1: d23153a6cd7bc3b5970cd43299e61b04bb3823c2
SHA256: 8e5a4d3011431055487c012abd4a6df090397c78ccb8b28f8eba847fbf6a9b8c

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 0/77 VT report date: 2024-10-13 21:31:48

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://billing.rpnodes.host/bot.mips VirusTotal Report billing.rpnodes.host VirusTotal Report 2024-10-13 23:14:04
hXXp://100.42.189.107/bot.mips VirusTotal Report 100.42.189.107 VirusTotal Report 2024-10-13 22:13:02

Strings analysis - File found

Log
math.Log

Strings analysis - Possible IPs found 13

87.120.84.114
1.1.2.1
2.5.4.102
72.5.4.82
1.1.3.1
5.4.32.5
4.52.5.4
1.2.2.1
127.0.0.1
2.5.4.62
5.4.112.5
1.2.1.1
1.1.1.1

Strings analysis - Possible URLs found 2

http://api.ipify.orgjson:
http://OPTIONSCreatedIM