Overview

overview

10

Static

static

10

The-MALWAR...ot.exe

windows7-x64

10

The-MALWAR...ot.exe

windows10-2004-x64

10

The-MALWAR...ll.exe

windows7-x64

10

The-MALWAR...ll.exe

windows10-2004-x64

10

The-MALWAR...BS.exe

windows7-x64

10

The-MALWAR...BS.exe

windows10-2004-x64

10

The-MALWAR...in.exe

windows7-x64

7

The-MALWAR...in.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows7-x64

7

The-MALWAR....A.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows7-x64

10

The-MALWAR....A.exe

windows10-2004-x64

10

The-MALWAR....A.dll

windows7-x64

7

The-MALWAR....A.dll

windows10-2004-x64

6

The-MALWAR...r.xlsm

windows7-x64

10

The-MALWAR...r.xlsm

windows10-2004-x64

10

The-MALWAR...36c859

ubuntu-22.04-amd64

8

The-MALWAR...caa742

ubuntu-22.04-amd64

8

The-MALWAR...c1a732

ubuntu-20.04-amd64

8

The-MALWAR...57c046

ubuntu-22.04-amd64

8

The-MALWAR...4cde86

ubuntu-24.04-amd64

8

The-MALWAR...460a01

ubuntu-24.04-amd64

8

The-MALWAR...ece0c5

ubuntu-22.04-amd64

8

The-MALWAR...257619

ubuntu-24.04-amd64

8

The-MALWAR...fbcc59

ubuntu-22.04-amd64

8

The-MALWAR...54f69c

ubuntu-22.04-amd64

8

The-MALWAR...d539a6

ubuntu-18.04-amd64

8

The-MALWAR...4996dd

ubuntu-24.04-amd64

8

The-MALWAR...8232d5

ubuntu-24.04-amd64

8

The-MALWAR...66b948

ubuntu-22.04-amd64

8

The-MALWAR...f9db86

ubuntu-24.04-amd64

8

The-MALWAR...ea2485

ubuntu-22.04-amd64

8

Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
  • submitted
    18-07-2024 21:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742

  • Size

    8.7MB

  • MD5

    76fe4fdd628218f630ba50f91ceba852

  • SHA1

    6e90f2fe619597115e5b8dd8b0d1fb0c8ad33fa4

  • SHA256

    041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742

  • SHA512

    7956505ae0d8479a92ddf97bb09a757566ef526934ee06b4273f0fc450e4da9204808ffa4f4674f4e6e313eb718a7c65f258ef8d23b9769b8aa12d47610d8011

  • SSDEEP

    98304:f27or8Dynb9c4EHv9/fW/NQXPvTCaedHuaJE3fSdCnKg27Xk:f27or8DyO4UnwQfvTCXdHua4No

Score
8/10
antivmpersistence

Malware Config

Signatures

  • Adds new SSH keys 1 IoCs

    Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.

    persistence
  • Deletes itself 1 IoCs
  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads CPU attributes 1 TTPs 30 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
    /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
    1⤵
    • Adds new SSH keys
    • Deletes log files
    • Reads runtime system information
    • Writes file to tmp directory
    PID:1570
    • /usr/bin/uname
      uname -a
      2⤵
        PID:1581
      • /usr/bin/cat
        cat /proc/cpuinfo
        2⤵
        • Checks CPU configuration
        PID:1585
      • /usr/bin/cat
        cat /etc/issue
        2⤵
          PID:1586
        • /usr/bin/free
          free -m
          2⤵
          • Reads CPU attributes
          PID:1587
        • /usr/bin/uptime
          uptime
          2⤵
          • Reads CPU attributes
          • Reads runtime system information
          PID:1588
        • /usr/bin/journalctl
          journalctl -S "@0" -u sshd
          2⤵
          • Reads runtime system information
          PID:1589
        • /usr/bin/cat
          cat "/var/log/auth*"
          2⤵
            PID:1590
          • /usr/bin/zcat
            zcat "/var/log/auth*"
            2⤵
              PID:1591
            • /usr/local/sbin/gzip
              gzip -cd "/var/log/auth*"
              2⤵
                PID:1591
              • /usr/local/bin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                  PID:1591
                • /usr/sbin/gzip
                  gzip -cd "/var/log/auth*"
                  2⤵
                    PID:1591
                  • /usr/bin/gzip
                    gzip -cd "/var/log/auth*"
                    2⤵
                      PID:1591
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      PID:1592
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      PID:1593
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      PID:1594
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      PID:1595
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      • Reads runtime system information
                      PID:1598
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      PID:1599
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      PID:1600
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      • Reads runtime system information
                      PID:1601
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      PID:1602
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      • Reads runtime system information
                      PID:1603
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      PID:1610
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      PID:1611
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      PID:1612
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      PID:1613
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      • Reads runtime system information
                      PID:1614
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      PID:1615
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      • Reads runtime system information
                      PID:1616
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      • Reads runtime system information
                      PID:1617
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      • Reads runtime system information
                      PID:1618
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      PID:1619
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      • Reads runtime system information
                      PID:1620
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      PID:1621
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      PID:1625
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      • Reads runtime system information
                      PID:1626
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      • Reads runtime system information
                      PID:1627
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      PID:1628
                    • /usr/bin/free
                      free -m
                      2⤵
                      • Reads CPU attributes
                      PID:1629
                    • /usr/bin/uptime
                      uptime
                      2⤵
                      • Reads CPU attributes
                      • Reads runtime system information
                      PID:1630

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/nc
                    Filesize

                    8.7MB

                    MD5

                    76fe4fdd628218f630ba50f91ceba852

                    SHA1

                    6e90f2fe619597115e5b8dd8b0d1fb0c8ad33fa4

                    SHA256

                    041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742

                    SHA512

                    7956505ae0d8479a92ddf97bb09a757566ef526934ee06b4273f0fc450e4da9204808ffa4f4674f4e6e313eb718a7c65f258ef8d23b9769b8aa12d47610d8011

                    Download Submit