General
Target: 5cdb2e2e81d7673d70304a8136c89f51f6be80d9286245ea425fd2526670f560
Size: 9.0MB
Sample: 221126-hcxscshe93
MD5: a541b61cdee344be36e7f4a64ce3c2b3
SHA1: 7e6c1c8c4c00ef09f2f65bd96cf2902f3c6303f8
SHA256: 5cdb2e2e81d7673d70304a8136c89f51f6be80d9286245ea425fd2526670f560
SHA512: 0a5c1478bcb251ac4635b5fe1b0243c71c93fd9a523f13e6142d4dfefd50067ea7f528859e077d1527941cd80145093eea6107ae32ffda60c407e161263fb627
SSDEEP: 196608:Fw0MeZQ34Ov2xALSYuRufhwUDlHbwbCGEocc4t:FxcvkRREhDblGELn

Static task: static1
Behavioral task: behavioral1; Sample: net110_prober_v2.0.0.56_build011000_20140828/MakeRzxSev.sh; Resource: ubuntu1804-amd64-en-20211208
Behavioral task: behavioral2; Sample: net110_prober_v2.0.0.56_build011000_20140828/MakeRzxSev.sh; Resource: debian9-armhf-20221111-en
Behavioral task: behavioral3; Sample: net110_prober_v2.0.0.56_build011000_20140828/MakeRzxSev.sh; Resource: debian9-mipsbe-en-20211208
Behavioral task: behavioral4; Sample: net110_prober_v2.0.0.56_build011000_20140828/MakeRzxSev.sh; Resource: debian9-mipsel-20221111-en
Behavioral task: behavioral5; Sample: net110_prober_v2.0.0.56_build011000_20140828/adwater.exe; Resource: win7-20220812-en
Behavioral task: behavioral6; Sample: net110_prober_v2.0.0.56_build011000_20140828/adwater.exe; Resource: win10v2004-20220812-en
Behavioral task: behavioral7; Sample: net110_prober_v2.0.0.56_build011000_20140828/combineBMP; Resource: ubuntu1804-amd64-20221111-en
Behavioral task: behavioral8; Sample: net110_prober_v2.0.0.56_build011000_20140828/combinebmp.sh; Resource: ubuntu1804-amd64-en-20211208
Behavioral task: behavioral9; Sample: net110_prober_v2.0.0.56_build011000_20140828/combinebmp.sh; Resource: debian9-armhf-en-20211208
Behavioral task: behavioral10; Sample: net110_prober_v2.0.0.56_build011000_20140828/combinebmp.sh; Resource: debian9-mipsbe-en-20211208
Behavioral task: behavioral11; Sample: net110_prober_v2.0.0.56_build011000_20140828/combinebmp.sh; Resource: debian9-mipsel-20221111-en
Behavioral task: behavioral12; Sample: net110_prober_v2.0.0.56_build011000_20140828/md5sum; Resource: ubuntu1804-amd64-en-20211208
Behavioral task: behavioral13; Sample: net110_prober_v2.0.0.56_build011000_20140828/patch.sh; Resource: ubuntu1804-amd64-en-20211208
Behavioral task: behavioral14; Sample: net110_prober_v2.0.0.56_build011000_20140828/patch.sh; Resource: debian9-armhf-20221111-en
Behavioral task: behavioral15; Sample: net110_prober_v2.0.0.56_build011000_20140828/patch.sh; Resource: debian9-mipsbe-en-20211208
Behavioral task: behavioral16; Sample: net110_prober_v2.0.0.56_build011000_20140828/patch.sh; Resource: debian9-mipsel-en-20211208
Behavioral task: behavioral17; Sample: net110_prober_v2.0.0.56_build011000_20140828/setup.sh; Resource: ubuntu1804-amd64-20221111-en
Behavioral task: behavioral18; Sample: net110_prober_v2.0.0.56_build011000_20140828/setup.sh; Resource: debian9-armhf-20221111-en
Behavioral task: behavioral19; Sample: net110_prober_v2.0.0.56_build011000_20140828/setup.sh; Resource: debian9-mipsbe-en-20211208
Behavioral task: behavioral20; Sample: net110_prober_v2.0.0.56_build011000_20140828/setup.sh; Resource: debian9-mipsel-20221111-en
Behavioral task: behavioral21; Sample: net110_prober_v2.0.0.56_build011000_20140828/update.sh; Resource: ubuntu1804-amd64-20221111-en
Behavioral task: behavioral22; Sample: net110_prober_v2.0.0.56_build011000_20140828/update.sh; Resource: debian9-armhf-en-20211208
Behavioral task: behavioral23; Sample: net110_prober_v2.0.0.56_build011000_20140828/update.sh; Resource: debian9-mipsbe-20221111-en
Behavioral task: behavioral24; Sample: net110_prober_v2.0.0.56_build011000_20140828/update.sh; Resource: debian9-mipsel-en-20211208
Behavioral task: behavioral25; Sample: net110_prober_v2.0.0.56_build011000_20140828/update.sh.bak; Resource: ubuntu1804-amd64-20221111-en
Behavioral task: behavioral26; Sample: net110_prober_v2.0.0.56_build011000_20140828/update.sh.bak; Resource: debian9-armhf-20221111-en
Behavioral task: behavioral27; Sample: net110_prober_v2.0.0.56_build011000_20140828/update.sh.bak; Resource: debian9-mipsbe-20221111-en
Behavioral task: behavioral28; Sample: net110_prober_v2.0.0.56_build011000_20140828/update.sh.bak; Resource: debian9-mipsel-en-20211208
Behavioral task: behavioral29; Sample: net110_prober_v2.0.0.56_build011000_20140828/waterwall.exe; Resource: win7-20221111-en
Behavioral task: behavioral30; Sample: net110_prober_v2.0.0.56_build011000_20140828/waterwall.exe; Resource: win10v2004-20221111-en
Behavioral task: behavioral31; Sample: net110_prober_v2.0.0.56_build011000_20140828/xDown.sh; Resource: ubuntu1804-amd64-en-20211208
Behavioral task: behavioral32; Sample: net110_prober_v2.0.0.56_build011000_20140828/xDown.sh; Resource: debian9-armhf-en-20211208

Malware Config
Targets

Target: net110_prober_v2.0.0.56_build011000_20140828/MakeRzxSev.sh
Size: 1KB
MD5: 6acfc27bf16bf39d7cd6618fc2b57137
SHA1: 3a3759c509e8ca578c504f162d2e1ee336193f3c
SHA256: 6637f76dce8486449059e817169f96e81992bd88ef686e094154036754d9556e
SHA512: 4d4ce060047d41364fd0a7a4c6e615af6657c46347abafe6e93bf8363dfa2648185c229699525397938c77ca4b802893cbffe39b572f534ddb5f7b9402f34bda
Score: 7/10
- Reads CPU attributes
- Reads runtime system information: Reads data from /proc virtual filesystem.
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: net110_prober_v2.0.0.56_build011000_20140828/adwater.exe
Size: 5.5MB
MD5: 8e0b88f85d2bada6ac75c19a50c1982b
SHA1: 067da10b22fed830134e7eca058eb472b2bdfda7
SHA256: 6f6cda0e966bc74a3aa73cf799ef4c244c87b90adfebe7adb642bb349f5abf3c
SHA512: 992b48d435667e02124495838733bd9a4888f2b93b5a6dd107fbd184266455612c9ffba0aff3522492beeb7ea075f233bba5e4888470d78842606631cfd7f779
SSDEEP: 98304:Qzjwk9MdsL86/n1Yv0a4/2vLixXexcgesSYunR/qVzVdZfqQHbO:uw0MeZQ34Ov2xALSYuRufhK
Score: 8/10
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory

Target: net110_prober_v2.0.0.56_build011000_20140828/combineBMP
Size: 41KB
MD5: a5395d640fa66fc3fac628ef00271238
SHA1: fac76f1057bce5612330f0d9a84fa08265c8a929
SHA256: db42bbbc28754bad82605b5df763164ca284216b87163a81f5e5c3d94afd3a39
SHA512: eafa020126a3f7ab1962fb89c0ffcf2b151d8700bafbc5dc692df08afc9da4052b62d0e3ea2dafb8a846d73a6864bb192b76a80a7c74bd5503348f62f8af32e9
SSDEEP: 768:22tYOPOggKcVTlWSuBQoNm5fLejehmRwb5ZWwWZE1LBYF3csjhoc1SX:20YOP6XCFM56jehmRwb5bW21GF1oXX
Score: 1/10

Target: net110_prober_v2.0.0.56_build011000_20140828/combinebmp.sh
Size: 9KB
MD5: 999b33afef6bc13debd642ef0c88dbfb
SHA1: 36fab9dea5a1c79847d99fe6a5a7b6dbed79112c
SHA256: 726696bc07c0daaf45cc5550fa0f1b9416fe7167c9a00791e4d74f0d4d10f63b
SHA512: f855e35d9d3495a7c8dbf8bc34482c4867364f09893d2c96338e4179a61a0ae1995228e7ec9cf13115cb3c9da1ef5713fc39cf403e539fdfe0e6d6f2b57d4b2a
SSDEEP: 192:VRYnS0eRYDIgPRSOhLDnGBZMTCRsfJzvU9Y3STFLnOeW+:A11u0+6ZY3x
Score: 5/10
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: net110_prober_v2.0.0.56_build011000_20140828/md5sum
Size: 28KB
MD5: df8511cdfa66f5c96fcceacdde1220db
SHA1: fb7a28feee1257bfad70e1de9ad694f3d16ca884
SHA256: 4590b5ed08df0d1d1e5cf1684839497734a3d1fdbad244fd25b1e5ce30722d87
SHA512: e9f7dd7dc86a86546f97856a910835a83515b30d0332566d68f6e33a6f4d5309070994f5adc3573064ecba7d3fa07f94ec25c03decc43751c4a95fade244f0c2
SSDEEP: 384:fAdCbVJ24lPBzsqPYk5+qb8srg6mRbeTt03hK2s8nx0tznr8uzfGFlZl5vqaSVyj:0h49BzsgYI+avFMy0ZhoLQlJbNlPqx0
Score: 1/10

Target: net110_prober_v2.0.0.56_build011000_20140828/patch.sh
Size: 11KB
MD5: 1051641879724c3d7a90f2c2b1d9e27a
SHA1: 0d6162a33ed174a787be911e244d7f820f73813b
SHA256: 88c7d21be11fb4f17854646a020bd54da08f9f27940d7c393f1b8471053497b8
SHA512: 9bbff7d1c87c05e96b59b7f555ebc2ffcbafba03df6687d18f639470644eeae4ab23345493a2d77f7cc3d124a0dc6c0d0a7ef66a9d97e0e6909fd01187648126
SSDEEP: 192:KVRYnS0eRYDIgPRCOcLBehBYZM3Ce2pVLuz81CqrXFLnOpGPui:D1ciNyl1DVUix
Score: 5/10
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: net110_prober_v2.0.0.56_build011000_20140828/setup.sh
Size: 11KB
MD5: ece71d3ea17f81f4abab93f0da2f8940
SHA1: 4eb5340ea777f74147cd155eb9ef55256729f012
SHA256: f2fffc93c2223d2aeddc26533085489ac9428c611ccfd376bc25f2d2ed7077c8
SHA512: 2485d90545a5067b3381fef41dd540372166d7e764ec926f2e7ed46e66e5840a669fc97e2afd0557717425faaa7cb12b722f4a5ba471e5ba362a684c4ef9367b
SSDEEP: 192:wVxYnC+ISPRCOmtQr4T8TYf43NSpd9YHU9pITCqnzGx87:bQM1StGCooE
Score: 5/10
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: net110_prober_v2.0.0.56_build011000_20140828/update.sh
Size: 12KB
MD5: e4b9f042966fd379fdf21fc9d19a1f7d
SHA1: 01854777b0fad562f4bda7e718ffef94eb89c4ba
SHA256: e7b2cbb2655015c820788ab7d9c33981baebb7fe485449d00a0c1c2b4275f076
SHA512: 915e72aaa7a21d0860e8238de54dc8845df6a625d7f8eee5f12b597b78862ee21fe12049926f92368c96d44eec7a0f704045534e0f26a241c2ec980c933075ec
SSDEEP: 192:KYRYnS0eRYDIgPRCOcLBW8JhBYZM3Ce2pVLuz81CqrXFLnOFGxAJzV:E1cNNyl1DVaoY
Score: 5/10
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: net110_prober_v2.0.0.56_build011000_20140828/update.sh.bak
Size: 12KB
MD5: 69e780f7523ab1590f00d6bac5b90262
SHA1: 25658e5ce356bd173c7ebdf1eeebdd8ca8f18dd9
SHA256: 4ef39ab076e4036e387218721f3510ee85d1f58fa96e9a2f33cd9754039142f5
SHA512: 84ae3d56aa5992f57821f6348e0308f7edb3bee78aaf16a52f0dde6b96e27527ed3eb9ece65d8a9709be1a6b54ea1e305217f434a1246d67bbb744efe4f44931
SSDEEP: 192:KVRYnS0eRYDIgPRCOcLBW8JhBYZM3Ce2pVLuz81CqrXFLnOFGxAJzV:D1cNNyl1DVaoY
Score: 5/10
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: net110_prober_v2.0.0.56_build011000_20140828/waterwall.exe
Size: 3.4MB
MD5: 165b8525383e78f8305c0af30a11143c
SHA1: 4af49033d7997be45ef1ac9519bb28ed8d37affc
SHA256: 1403df6b61415d3023e111c3985d7175ec25806c46eb148381b27205d98650dc
SHA512: 5837cb3b15cdabb83f88979fbe30acf3fd11b335eb90476836f66e50e73f91bc6399b885c578ee63024c5a0ee70dd196cc91c6c00d6b30be7b0d38e577aa015b
SSDEEP: 98304:QbUDli9gt7fwLHPL+32QSpBSvoG50NA9tWDR:mUDlHbwbCGEocc4tI
Score: 9/10
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory

Target: net110_prober_v2.0.0.56_build011000_20140828/xDown.sh
Size: 10KB
MD5: 0fd588e45c0af687ef4e99d5c918da66
SHA1: a56acbe1b0fd9b2e56c858bb27996fe6d6cfee46
SHA256: 52d2e0f7f08c6afb8a2a707571a0263a67c9b7bf93735cb7809149d3b79f7d82
SHA512: b84d40a1f710c7585453d0c3b4b23c90405078ee77101142d73e5546689a0f015482e9fb6c86c34d96cd9f4383b125136cf2fccd00af64f6d6378cd9e12232e3
SSDEEP: 192:/dUa0GKrCB8pHRYDIgtV1MXy5td+6eWWp19qQytWatSu3n:ZOp0tVXSEmakOn
Score: 5/10
- Reads runtime system information: Reads data from /proc virtual filesystem.
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.