gpon443

First submission 2024-09-30 12:48:02

File details

File type: Bourne-Again shell script, ASCII text executable
Mime type: text/x-shellscript
File size: 2.77 KB (2835 bytes)
MD5: 3bb32f76965f73feaf892db3f90d1440
SHA1: 1b0a1e5086daeaa5ec380947acabac345b33c852
SHA256: fed0ca0ea20561f41e82602da884051a3bb14cf9c8c3ffbc70f7bea7af734c8e

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 39/77
VT report date: 2024-09-30 12:04:47
Malware Type (2): downloader, trojan
Threat Type (3): medusa, shell, bash

URLs, FQDN and IP indicators 1

URL: hXXp://107.175.75.9/gpon443
Host (FQDN/IP): 107.175.75.9
Date Added: 2024-09-30 12:48:02

Strings analysis - Possible IPs found 1

107.175.75.9

Strings analysis - Possible URLs found 14
