General
-
Target
install-frps.sh
-
Size
37KB
-
Sample
230208-deex4sgd2y
-
MD5
e062fe16029b8bd7006c453620c09e5b
-
SHA1
a571cd71c0044bc8494b4bd22c19b5452c193c2d
-
SHA256
40c68134a0b1aa9457d3748823fb824675d250f49cf0c7a144444ef103434bd4
-
SHA512
25d573cb31debaa97fb0139211ceb3360a808d39808711701b14af0a355320edbaa802ed996439ec6b7ad66f0a92f7e1d013c20be5c1694d967c5179b3167666
-
SSDEEP
768:0PwG/vA5OptHvwvvXJy3bq3cJkwnoW3ymFWF3InBQ3DFzseT0sryfQnyUHomBxdd:+9tqexnoW3ymFWF3InBQ3N0sufQnyUHx
Malware Config
Targets
-
-
Target
install-frps.sh
-
Size
37KB
-
MD5
e062fe16029b8bd7006c453620c09e5b
-
SHA1
a571cd71c0044bc8494b4bd22c19b5452c193c2d
-
SHA256
40c68134a0b1aa9457d3748823fb824675d250f49cf0c7a144444ef103434bd4
-
SHA512
25d573cb31debaa97fb0139211ceb3360a808d39808711701b14af0a355320edbaa802ed996439ec6b7ad66f0a92f7e1d013c20be5c1694d967c5179b3167666
-
SSDEEP
768:0PwG/vA5OptHvwvvXJy3bq3cJkwnoW3ymFWF3InBQ3DFzseT0sryfQnyUHomBxdd:+9tqexnoW3ymFWF3InBQ3N0sufQnyUHx
Score9/10-
Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.
-
Deletes system logs
-
Writes file to system bin folder
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-