DigitalSide Threat Intel

bot.arm

First submission 2024-10-13 22:06:03 Last sumbission 2024-10-13 22:40:02

File details

File type: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=SARkQbxejPml3qzkywO9/1yipxMwuOnV_8ctRLX43/I2XXvZwHXTLX8MsAb_6x/pqKnDMa_ypwCH_-ckWSj, with debug_info, not stripped
Mime type: application/x-executable
File size: 7307.86 KB (7483250 bytes)
MD5: 60f5c0a95d88b2d0d224cb706d26430d
SHA1: db252d9cb0c01aedfdab5257e065593b252634c9
SHA256: 02cfce235ace122bb97b537abb032b0e087d5a2c9c77564d7ab5e17957b67161

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 2/77 VT report date: 2024-10-13 21:33:26

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://billing.rpnodes.host/bot.arm VirusTotal Report billing.rpnodes.host VirusTotal Report 2024-10-13 22:40:04
hXXp://100.42.189.107/bot.arm VirusTotal Report 100.42.189.107 VirusTotal Report 2024-10-13 22:06:03

Strings analysis - File found

Log
math.Log

Strings analysis - Possible IPs found 13

1.2.2.1
1.1.2.1
2.5.4.102
72.5.4.82
87.120.84.114
1.1.3.1
5.4.32.5
4.52.5.4
127.0.0.1
2.5.4.62
5.4.112.5
1.2.1.1
1.1.1.1

Strings analysis - Possible URLs found 2

http://api.ipify.orgjson:
http://OPTIONSCreatedIM