gpon443

First submission 2024-09-05 00:39:03

File details

File type: Bourne-Again shell script, ASCII text executable
Mime type: text/x-shellscript
File size: 2.5 KB (2555 bytes)
MD5: bf81144f6fc0553c3cb79b4980f221e3
SHA1: b92560f435037c9e9a1289992c41468749d96a17
SHA256: a1e4f78db0027796bd5fedd316ffc33958a80c2f955e1d43ca5f393d31c09354

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 34/79
VT report date: 2024-09-04 23:55:53
Malware Type (2): downloader, trojan
Threat Type (3): medusa, shell, bash

URLs, FQDN and IP indicators 1

URL: hXXp://154.216.17.167:8080/gpon443
Host (FQDN/IP): 154.216.17.167
Date Added: 2024-09-05 00:39:03

Strings analysis - Possible IPs found 1

154.216.17.167

Strings analysis - Possible URLs found 13
