goahead

First submission 2024-09-05 00:36:01

File details

File type: Bourne-Again shell script, ASCII text executable
Mime type: text/x-shellscript
File size: 2.5 KB (2555 bytes)
MD5: 824c70ad57a5610c3a9db0a37d41207d
SHA1: ed9c7531e2f0eb0ba496fa686eceb00def5b1281
SHA256: e268d37f5e24c9ee3808512892e36b4a74c5dfd36f16dc55a8f89ede558cca9c

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 34/79
VT report date: 2024-09-04 23:55:45
Malware Type (2): downloader, trojan
Threat Type (3): medusa, shell, bash

URLs, FQDN and IP indicators 1

URL: hXXp://154.216.17.167:8080/goahead
Host (FQDN/IP): 154.216.17.167
Date Added: 2024-09-05 00:36:02

Strings analysis - Possible IPs found 1

154.216.17.167

Strings analysis - Possible URLs found 13
