DigitalSide Threat Intel

8UsA.sh

First submission 2022-08-01 05:11:02

File details

File type: Bourne-Again shell script, ASCII text executable
File type: 1.89 KB (1933 bytes)
MD5: 817c74b23b9f687d36ea2004a7984278
SHA1: ce31815a5dc2128f3d303ae69ee1f41a4e39d9a0
SHA256: 40a08530cc329f9cd88a98d9fc9ca2efe0d619d5f6ea336ebe3c1666f06fd0b5
Virus Total: 35/60 VT report date: 2022-08-01 02:35:02

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://138.197.9.111/8UsA.sh VirusTotal Report 138.197.9.111 VirusTotal Report 2022-08-01 05:11:02

Strings analysis - Possible IPs found 1

138.197.9.111

Strings analysis - Possible URLs found 20

http://138.197.9.111/bins/aqua.mpsl;
http://138.197.9.111/bins/aqua.arm6;cat
http://138.197.9.111/bins/aqua.m68k;cat
http://138.197.9.111/bins/aqua.mpsl;cat
http://138.197.9.111/bins/aqua.m68k;
http://138.197.9.111/bins/aqua.arm5;
http://138.197.9.111/bins/aqua.mips;cat
http://138.197.9.111/bins/aqua.ppc;cat
http://138.197.9.111/bins/aqua.arm5;cat
http://138.197.9.111/bins/aqua.arm4;
http://138.197.9.111/bins/aqua.arm4;cat
http://138.197.9.111/bins/aqua.x86;cat
http://138.197.9.111/bins/aqua.mips;
http://138.197.9.111/bins/aqua.arm6;
http://138.197.9.111/bins/aqua.arm7;
http://138.197.9.111/bins/aqua.sh4;
http://138.197.9.111/bins/aqua.ppc;
http://138.197.9.111/bins/aqua.x86;
http://138.197.9.111/bins/aqua.sh4;cat
http://138.197.9.111/bins/aqua.arm7;cat