cas

First submission 2024-09-22 12:03:01 Last submission 2024-09-29 14:00:02

File details

File type: Bourne-Again shell script, ASCII text executable
Mime type: text/x-shellscript
File size: 0.66 KB (676 bytes)
MD5: 5dce119cae291faf8e8e1b06f271658e
SHA1: 0fb386b658587678074b7059b6ab686d893ec24f
SHA256: fb7e457d497ae78910cff172905fb153b36b1aa7faaa2bc566845f131c6255ff

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 34/77 VT report date: 2024-09-18 10:16:53
Malware Type 2 downloader trojan
Threat Type 2 medusa shell

URLs, FQDN and IP indicators 1

URL: hXXp://bots.gxz.me:4782/cas
Host (FQDN/IP): bots.gxz.me
Date Added: 2024-09-29 14:00:05

Strings analysis - Possible IPs found 1

95.214.27.236

Strings analysis - Possible URLs found 8
