1.sh
First submission 2024-10-13 12:45:02
Last sumbission 2024-10-13 14:15:02
File details
| File type: | Bourne-Again shell script, ASCII text executable |
| Mime type: | text/x-shellscript |
| File size: | 1.9 KB (1950 bytes) |
| MD5: | 8a970ab066cd427f3dd0edb0f448de5c |
| SHA1: | d4e8e788d3ac664d71d185e63924663e4069c300 |
| SHA256: | 79ee10fdeda429d6060e76d0981198b9d7b0eddd910b9dbe13033d36a2af4dc4 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
| Virus Total: | 38/77 VT report date: 2024-10-13 12:18:29 |
| Malware Type 2 | downloader trojan |
| Threat Type 3 | medusa shell bash |
URLs, FQDN and IP indicators 2
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://net.tiktoka.cc/1.sh  |
net.tiktoka.cc |
2024-10-13 14:15:04 |
| hXXp://81.161.238.2/1.sh |
81.161.238.2 |
2024-10-13 12:45:02 |
Strings analysis - Possible IPs found 1
| 81.161.238.2 |
Strings analysis - Possible URLs found 26
| http://81.161.238.2/mpsl; |
| http://81.161.238.2/mpsl;cat |
| http://81.161.238.2/arm5; |
| http://81.161.238.2/arm7; |
| http://81.161.238.2/arc; |
| http://81.161.238.2/spc;cat |
| http://81.161.238.2/mips; |
| http://81.161.238.2/x86_64;cat |
| http://81.161.238.2/sh4;cat |
| http://81.161.238.2/arc;cat |
| http://81.161.238.2/m68k; |
| http://81.161.238.2/mips;cat |
| http://81.161.238.2/arm6;cat |
| http://81.161.238.2/m68k;cat |
| http://81.161.238.2/sh4; |
| http://81.161.238.2/arm;cat |
| http://81.161.238.2/x86; |
| http://81.161.238.2/arm5;cat |
| http://81.161.238.2/arm6; |
| http://81.161.238.2/x86_64; |
| http://81.161.238.2/ppc;cat |
| http://81.161.238.2/spc; |
| http://81.161.238.2/x86;cat |
| http://81.161.238.2/arm; |
| http://81.161.238.2/arm7;cat |
| http://81.161.238.2/ppc; |