Resubmissions

08/09/2024, 09:49

240908-ltpd4aygpj 6

07/09/2024, 21:53

240907-1rsq3axcrn 3

07/09/2024, 21:50

240907-1qbq6axckp 3

07/09/2024, 21:47

240907-1nltcazblh 6

07/09/2024, 21:46

240907-1mtskazbja 3

07/09/2024, 21:44

240907-1lm9dszalh 6

07/09/2024, 21:41

240907-1jybksyhpc 8

Analysis

  • max time kernel
    3s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    07/09/2024, 21:44

General

  • Target

    DDoS-Ripper Pro/DRipper.py

  • Size

    47KB

  • MD5

    836fb4703be19909e41c9b5f8db4b357

  • SHA1

    b99ef3621d34d01597c4ebeda84a08584f630068

  • SHA256

    2f8ffe7521b02a75326cbd70a1783294809fb0c6e3f6a02af72bdc86bf1d7b36

  • SHA512

    b941cfa9519f9b021bffc67499ce9552015c72dcf2511b6d5500dc495e63e028fc3de9990ef17e842e0705f338d1520ab76ddac3c674641800b6a7eafaba0bec

  • SSDEEP

    768:0H91otr8AvZxM6DoFUD6iNUTRUvbV8M3s30MoT3ECBY5jZIJZGmwKS:0HDO/6UD6iNYRQJ8Mc30plY5mJwmc

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /usr/bin/python
    python "/tmp/DDoS-Ripper Pro/DRipper.py"
    1⤵
    • Reads runtime system information
    • Writes file to tmp directory
    PID:649
    • /bin/sh
      sh -c "uname -p 2> /dev/null"
      2⤵
        PID:667
        • /bin/uname
          uname -p
          3⤵
            PID:669

      Network

      MITRE ATT&CK Matrix
