General

  • Target

    All.zip

  • Size

    7.0MB

  • MD5

    2404b782c8a4c1331a548e27e1558ea7

  • SHA1

    d801e6e4dc86758272d2f1c591ee6fe492426145

  • SHA256

    55e90e18b443a15116c1102dd21397fd1c7dd1e9aff347e1267c27032e3e4bb3

  • SHA512

    4c82b0fdf873253a7bbad72e85ada1b569552b755512d727565abb5ec45564a9b7f5a2aae7951dfb97d1aa4cb305c95c3d6e1e3af8c5e1ead244473f624cfbc3

  • SSDEEP

    196608:KT8rFf9o0gtSuOOQA7P5Krz2wqYVde4p0CaOB7:KT8t6ROm7hKrz254p0KB7

Score
10/10

Malware Config

Extracted

Family

connectback

C2

185.232.65.146:1987

Signatures

Files

  • All.zip
    .zip
  • 2767861651c0e8ed8321adbbb4e691912b6ae7a835192462971796ebebaed543.zip
    .zip
  • 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.zip
    .zip

    Archive password: infected

  • 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh
    .sh linux
  • 3d93d26bca6930823ec8b92e4b9c738c75b5a9285df077a9ff3bfbd60b5c6b06.zip
    .zip

    Archive password: infected

  • 3d93d26bca6930823ec8b92e4b9c738c75b5a9285df077a9ff3bfbd60b5c6b06.sh
    .sh linux
  • b0baf071692d63267aaf41bd3db933826523b59e8fca49655e1656ce0c656c71.zip
    .zip

    Archive password: infected

  • b0baf071692d63267aaf41bd3db933826523b59e8fca49655e1656ce0c656c71.zip
    .zip
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/README.txt
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/bash_decryptor.sh
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/bash_encryptor.sh
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/bash_encryptor.sh.save
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/bash_encryptor1.sh
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/code.sh
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/code1.sh
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_first.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_second.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt3.sh
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt3.sh.save
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt_file.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/pass_server.py
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/socket_code_sender.sh
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/supermicro_cr
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/supermicro_cr.save
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/supermicro_cr.save.1
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/supermicro_cr.save.2
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/supermicro_cr1
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/supermicro_cr1.save
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/supermicro_cr_second
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/supermicro_cr_second.save
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/supermicro_cr_third
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/binaryinject/Makefile
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/binaryinject/binaryinject.c
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/bot/bot_first.sh
    .sh .ps1 linux polyglot
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/bot/bot_send_ip_who.sh.save.save
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/bot/botsec.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/bot/commands.txt
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/bot/supermicro_bt
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/check/api_attack/downloader/test_attack/attack_file.txt
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/check/api_attack/downloader/test_attack/downloader.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/check/api_attack/downloader/test_attack/downloader.sh.save
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/check/api_attack/downloader/test_attack/hosts_64
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/check/api_attack/downloader/test_attack/test.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/check/api_attack/downloader/test_attack/test_host
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/1.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/bash.sh.save
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/bash.sh.save.save
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/bash23.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/binaryinject.so
    .elf linux x64
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/binaryinject1.so
    .elf linux x64
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/binaryinject2.so
    .elf linux x64
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/binaryinject_b.so
    .elf linux x64
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/binaryinject_rsync.so
    .elf linux x64
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/binaryinject_scp.so
    .elf linux x64
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/binaryinject_t.so
    .elf linux x64
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/boa
    .elf linux x64
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/bt_install.sh
    .sh .ps1 linux polyglot
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/c
    .elf linux arm
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/clear_log.sh
    .sh .ps1 linux polyglot
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/commands.txt
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/commands1.txt
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/example.py
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/exploit.py
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/exploit.py.save
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/exploit1.py
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/exploit3.py
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/exploit4.py
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/g
    .elf linux arm
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/git_iptables.sh
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/git_iptables.sh.save
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/line.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/m
    .elf linux arm
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/mon.8.gz
    .sh .ps1 linux polyglot
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/n
    .elf linux arm
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/navi_index.php
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/navi_shell.sh
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/new
    .elf linux arm
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/nwe
    .elf linux arm
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/pwd.c
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/q.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/q1.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/q2.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/q_casino.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/r.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/real_ip.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/real_ip_new.sh
    .sh .vbs linux polyglot
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/rew
    .elf linux arm
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/s.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/security.sh
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/security.sh.save
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/security.sh.save.1
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/security.sh.save.2
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/security.sh.save.3
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/server_shell.py
    .py .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/service.sh
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/start_process.sh
    .sh linux
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/utmp
    .elf linux x64
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/wowowowow.php
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/wtmp
    .elf linux x64
  • 31.214.157.40_#DarkRadiation_by_@r3dbU7z/main_dir/wtmp_utmp_inject.c
  • bcdf0bd8142a4828c61e775686c9892d89893ed0f5093bdc70bde3e48d04ab99.zip
    .zip
  • fdbeaa01ca82e1336dcd916860f2c36cc89e484b365d93f60279983dd7cd3c25.zip
    .zip

    Archive password: infected

  • fdbeaa01ca82e1336dcd916860f2c36cc89e484b365d93f60279983dd7cd3c25.sh