sora.sh

First submission: 2024-10-14 19:39:02
Last submission: 2024-10-14 21:27:01

File details

File type: Bourne-Again shell script, ASCII text executable
Mime type: text/x-shellscript
File size: 2.66 KB (2723 bytes)
MD5: 23ce60917752705f59bde8ca8569c3d6
SHA1: 651959b325ca119ccc280a706ef57da197df6dfb
SHA256: c4575e4be3ce1429bf36332d68ad7aa6612852748f0a94067e6936433c26f344

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 39/77
VT report date: 2024-08-11 20:01:54
Malware Type (2): downloader, trojan
Threat Type (3): medusa, shell, bash

URLs, FQDN and IP indicators 2

URL | Host (FQDN/IP) | Date Added
hXXp://mail.mail-bistrodengi.ru/sora.sh | mail.mail-bistrodengi.ru | 2024-10-14 21:27:03
hXXp://194.87.232.36/sora.sh | 194.87.232.36 | 2024-10-14 19:39:02

Strings analysis - Possible IPs found 1

188.127.247.15

Strings analysis - Possible URLs found 28
