Overview

overview

10

Static

static

10

The-MALWAR...ot.exe

windows7-x64

10

The-MALWAR...ot.exe

windows10-2004-x64

10

The-MALWAR...ll.exe

windows7-x64

10

The-MALWAR...ll.exe

windows10-2004-x64

10

The-MALWAR...BS.exe

windows7-x64

10

The-MALWAR...BS.exe

windows10-2004-x64

10

The-MALWAR...in.exe

windows7-x64

7

The-MALWAR...in.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows7-x64

7

The-MALWAR....A.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows7-x64

10

The-MALWAR....A.exe

windows10-2004-x64

10

The-MALWAR....A.dll

windows7-x64

7

The-MALWAR....A.dll

windows10-2004-x64

6

The-MALWAR...r.xlsm

windows7-x64

10

The-MALWAR...r.xlsm

windows10-2004-x64

10

The-MALWAR...36c859

ubuntu-24.04-amd64

8

The-MALWAR...caa742

ubuntu-24.04-amd64

8

The-MALWAR...c1a732

ubuntu-22.04-amd64

8

The-MALWAR...57c046

ubuntu-22.04-amd64

8

The-MALWAR...4cde86

ubuntu-24.04-amd64

8

The-MALWAR...460a01

ubuntu-22.04-amd64

8

The-MALWAR...ece0c5

ubuntu-22.04-amd64

8

The-MALWAR...257619

ubuntu-22.04-amd64

8

The-MALWAR...fbcc59

ubuntu-24.04-amd64

8

The-MALWAR...54f69c

ubuntu-24.04-amd64

8

The-MALWAR...d539a6

ubuntu-22.04-amd64

8

The-MALWAR...4996dd

ubuntu-18.04-amd64

8

The-MALWAR...8232d5

ubuntu-22.04-amd64

8

The-MALWAR...66b948

ubuntu-24.04-amd64

8

The-MALWAR...f9db86

ubuntu-24.04-amd64

8

The-MALWAR...ea2485

ubuntu-22.04-amd64

8

Resubmissions

22-10-2024 02:07

241022-cka1nssfkj 10

Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
  • submitted
    22-10-2024 02:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01

  • Size

    8.6MB

  • MD5

    819b0fdb2b9c8a440b734a7b72522f12

  • SHA1

    f3aff7e1c44d21508eb60797211570c84a53597a

  • SHA256

    30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01

  • SHA512

    fee2c0dbbc91e2486e409e8b6a877c6ec500e6c7c0491d4c44d37006c30de79b95dd4640c7c8c8efcc920abccbdb659a590fde1e2526126279b7486778d08b5a

  • SSDEEP

    98304:zhPTaS9ki2kJxOU/ci9Z6uHFg3+QIEvRihdF7Xk:dPTaS9kitnEi9Z6uHq3+XE8z

Score
8/10
antivmdefense_evasiondiscoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Adds new SSH keys 1 TTPs 1 IoCs

    Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.

    persistenceprivilege_escalation
  • Deletes itself 1 IoCs
  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

    defense_evasion
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Virtualization/Sandbox Evasion: Time Based Evasion 1 TTPs 15 IoCs

    Adversaries may detect and evade virtualized environments and sandboxes.

    defense_evasion
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads CPU attributes 1 TTPs 30 IoCs
    discovery
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • System Network Configuration Discovery 1 TTPs 4 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
    /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
    1⤵
    • Adds new SSH keys
    • Deletes itself
    • Deletes log files
    • Reads runtime system information
    • Writes file to tmp directory
    PID:1562
    • /usr/bin/uname
      uname -a
      2⤵
        PID:1573
      • /usr/bin/cat
        cat /proc/cpuinfo
        2⤵
        • Checks CPU configuration
        PID:1577
      • /usr/bin/cat
        cat /etc/issue
        2⤵
          PID:1578
        • /usr/bin/free
          free -m
          2⤵
          • Reads CPU attributes
          PID:1579
        • /usr/bin/uptime
          uptime
          2⤵
          • Virtualization/Sandbox Evasion: Time Based Evasion
          • Reads CPU attributes
          PID:1580
        • /usr/bin/journalctl
          journalctl -S "@0" -u sshd
          2⤵
            PID:1581
          • /usr/bin/cat
            cat "/var/log/auth*"
            2⤵
              PID:1582
            • /usr/bin/zcat
              zcat "/var/log/auth*"
              2⤵
                PID:1583
              • /usr/local/sbin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                • System Network Configuration Discovery
                PID:1583
              • /usr/local/bin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                • System Network Configuration Discovery
                PID:1583
              • /usr/sbin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                • System Network Configuration Discovery
                PID:1583
              • /usr/bin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                • System Network Configuration Discovery
                PID:1583
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1584
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                PID:1585
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1586
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                • Reads runtime system information
                PID:1587
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1590
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                PID:1591
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1592
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                PID:1593
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1594
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                PID:1595
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1602
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                PID:1603
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1604
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                PID:1605
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1606
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                PID:1607
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1608
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                • Reads runtime system information
                PID:1609
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1610
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                • Reads runtime system information
                PID:1611
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1612
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                PID:1613
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1617
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                PID:1618
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1619
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                PID:1620
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1621
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                • Reads CPU attributes
                • Reads runtime system information
                PID:1622

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/nc
              Filesize

              8.6MB

              MD5

              819b0fdb2b9c8a440b734a7b72522f12

              SHA1

              f3aff7e1c44d21508eb60797211570c84a53597a

              SHA256

              30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01

              SHA512

              fee2c0dbbc91e2486e409e8b6a877c6ec500e6c7c0491d4c44d37006c30de79b95dd4640c7c8c8efcc920abccbdb659a590fde1e2526126279b7486778d08b5a

              Download Submit