ohshit.sh

First submission 2024-09-04 21:38:01

File details

File type: Bourne-Again shell script, ASCII text executable
Mime type: text/x-shellscript
File size: 2.87 KB (2940 bytes)
MD5: 70b5dfb2cd447b9d11273a8f59fcd6bd
SHA1: 6a6433e85067c0b2ece7d46eeb40bcee0f8df159
SHA256: 759092698579be538cb31da0a9f8d458306a9c2ff9bb2ed5e90c40db23d0b6eb

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 37/79 VT report date: 2024-09-04 20:39:56
Malware Type 2 downloader trojan
Threat Type 3 medusa shell bash

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://93.123.85.167/ohshit.sh VirusTotal Report 93.123.85.167 VirusTotal Report 2024-09-04 21:38:01

Strings analysis - Possible IPs found 1

93.123.85.167

Strings analysis - Possible URLs found 30

http://93.123.85.167/hiddenbin/boatnet.i468;
http://93.123.85.167/hiddenbin/boatnet.i686;cat
http://93.123.85.167/hiddenbin/boatnet.arm5;cat
http://93.123.85.167/hiddenbin/boatnet.mips;cat
http://93.123.85.167/hiddenbin/boatnet.arm;
http://93.123.85.167/hiddenbin/boatnet.mips;
http://93.123.85.167/hiddenbin/boatnet.spc;
http://93.123.85.167/hiddenbin/boatnet.sh4;cat
http://93.123.85.167/hiddenbin/boatnet.ppc;
http://93.123.85.167/hiddenbin/boatnet.x86;cat
http://93.123.85.167/hiddenbin/boatnet.mpsl;
http://93.123.85.167/hiddenbin/boatnet.spc;cat
http://93.123.85.167/hiddenbin/boatnet.i468;cat
http://93.123.85.167/hiddenbin/boatnet.mpsl;cat
http://93.123.85.167/hiddenbin/boatnet.ppc;cat
http://93.123.85.167/hiddenbin/boatnet.sh4;
http://93.123.85.167/hiddenbin/boatnet.x86_64;cat
http://93.123.85.167/hiddenbin/boatnet.arm6;cat
http://93.123.85.167/hiddenbin/boatnet.arm6;
http://93.123.85.167/hiddenbin/boatnet.i686;
http://93.123.85.167/hiddenbin/boatnet.m68k;cat
http://93.123.85.167/hiddenbin/boatnet.arc;
http://93.123.85.167/hiddenbin/boatnet.m68k;
http://93.123.85.167/hiddenbin/boatnet.arm7;
http://93.123.85.167/hiddenbin/boatnet.arc;cat
http://93.123.85.167/hiddenbin/boatnet.arm;cat
http://93.123.85.167/hiddenbin/boatnet.arm5;
http://93.123.85.167/hiddenbin/boatnet.arm7;cat
http://93.123.85.167/hiddenbin/boatnet.x86;
http://93.123.85.167/hiddenbin/boatnet.x86_64;