ohshit.sh
First submission 2024-09-04 21:38:01
File details
File type: | Bourne-Again shell script, ASCII text executable |
Mime type: | text/x-shellscript |
File size: | 2.87 KB (2940 bytes) |
MD5: | 70b5dfb2cd447b9d11273a8f59fcd6bd |
SHA1: | 6a6433e85067c0b2ece7d46eeb40bcee0f8df159 |
SHA256: | 759092698579be538cb31da0a9f8d458306a9c2ff9bb2ed5e90c40db23d0b6eb |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
Virus Total: | 37/79 VT report date: 2024-09-04 20:39:56 |
Malware Type 2 | downloader trojan |
Threat Type 3 | medusa shell bash |
URLs, FQDN and IP indicators 1
Strings analysis - Possible IPs found 1
93.123.85.167 |
Strings analysis - Possible URLs found 30
http://93.123.85.167/hiddenbin/boatnet.i468; |
http://93.123.85.167/hiddenbin/boatnet.i686;cat |
http://93.123.85.167/hiddenbin/boatnet.arm5;cat |
http://93.123.85.167/hiddenbin/boatnet.mips;cat |
http://93.123.85.167/hiddenbin/boatnet.arm; |
http://93.123.85.167/hiddenbin/boatnet.mips; |
http://93.123.85.167/hiddenbin/boatnet.spc; |
http://93.123.85.167/hiddenbin/boatnet.sh4;cat |
http://93.123.85.167/hiddenbin/boatnet.ppc; |
http://93.123.85.167/hiddenbin/boatnet.x86;cat |
http://93.123.85.167/hiddenbin/boatnet.mpsl; |
http://93.123.85.167/hiddenbin/boatnet.spc;cat |
http://93.123.85.167/hiddenbin/boatnet.i468;cat |
http://93.123.85.167/hiddenbin/boatnet.mpsl;cat |
http://93.123.85.167/hiddenbin/boatnet.ppc;cat |
http://93.123.85.167/hiddenbin/boatnet.sh4; |
http://93.123.85.167/hiddenbin/boatnet.x86_64;cat |
http://93.123.85.167/hiddenbin/boatnet.arm6;cat |
http://93.123.85.167/hiddenbin/boatnet.arm6; |
http://93.123.85.167/hiddenbin/boatnet.i686; |
http://93.123.85.167/hiddenbin/boatnet.m68k;cat |
http://93.123.85.167/hiddenbin/boatnet.arc; |
http://93.123.85.167/hiddenbin/boatnet.m68k; |
http://93.123.85.167/hiddenbin/boatnet.arm7; |
http://93.123.85.167/hiddenbin/boatnet.arc;cat |
http://93.123.85.167/hiddenbin/boatnet.arm;cat |
http://93.123.85.167/hiddenbin/boatnet.arm5; |
http://93.123.85.167/hiddenbin/boatnet.arm7;cat |
http://93.123.85.167/hiddenbin/boatnet.x86; |
http://93.123.85.167/hiddenbin/boatnet.x86_64; |