ohshit.sh
First submission 2024-10-14 06:51:02
File details
| File type: | Bourne-Again shell script, ASCII text executable |
| Mime type: | text/x-shellscript |
| File size: | 3.67 KB (3754 bytes) |
| MD5: | 1095140d456a2a8fdd1557638ef8663e |
| SHA1: | 771daf8957e0e1fd0226d36363b82ba6d23d24f3 |
| SHA256: | 6d3d40e7b5c279f9f5ae259cd0231d42f7a128a0cca5834de4836d92dc0b53d4 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
| Virus Total: | 36/77 VT report date: 2024-10-14 06:22:39 |
| Malware Type 2 | downloader trojan |
| Threat Type 3 | medusa shell gen2 |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://45.131.65.138/ohshit.sh  |
45.131.65.138 |
2024-10-14 06:51:02 |
Strings analysis - Possible IPs found 1
| 45.131.65.138 |
Strings analysis - Possible URLs found 30
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.sparc; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.sparc;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips64;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips64; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686; |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm;cat |
| http://45.131.65.138/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6;cat |