gpon443
First submission 2024-09-30 12:48:02
File details
File type: Bourne-Again shell script, ASCII text executable
Mime type: text/x-shellscript
File size: 2.77 KB (2835 bytes)
MD5: 3bb32f76965f73feaf892db3f90d1440
SHA1: 1b0a1e5086daeaa5ec380947acabac345b33c852
SHA256: fed0ca0ea20561f41e82602da884051a3bb14cf9c8c3ffbc70f7bea7af734c8e
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
Virus Total: 39/77 (VT report date: 2024-09-30 12:04:47)
Malware Type 2: downloader trojan
Threat Type 3: medusa shell bash
URLs, FQDN and IP indicators 1
Strings analysis - Possible IPs found 1
107.175.75.9
Strings analysis - Possible URLs found 14