Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240729-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu1804-amd64-20240729-en
    kernel:4.15.0-213-generic
    locale:en-us
    os:ubuntu-18.04-amd64
    system
  • submitted
    18/01/2025, 04:28 UTC

General

  • Target

    The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5

  • Size

    8.7MB

  • MD5

    100bff2f4ee4d88b005bb016daa04fe6

  • SHA1

    36e5f8f70890601aa2adaffb203afd06516097f0

  • SHA256

    90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5

  • SHA512

    a1cb52bc6edaa7f8bb216d2a5f3deb0b8468c64b43931ef570c05e6a9872c63f00aff50d69686fdc2ea25d3d83da4bf9d78f5e6910643163570d0bd6279c6e16

  • SSDEEP

    98304:wRINZeR9Zy031d3eDi2dZQT3/S1GVlOre53ziKZ7Xk:wRINZeR9Zx1CFDQD/SQVlOrKr

Malware Config

Signatures

  • Adds new SSH keys 1 TTPs 1 IoCs

    Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.

  • Deletes itself 1 IoCs
  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Virtualization/Sandbox Evasion: Time Based Evasion 1 TTPs 15 IoCs

    Adversaries may detect and evade virtualized environments and sandboxes.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 30 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 1 IoCs

    Adversaries may gather information about the network configuration of a system.

Processes

  • /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
    /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
    1⤵
    • Adds new SSH keys
    • Deletes itself
    • Deletes log files
    • Reads runtime system information
    PID:1526
    • /bin/uname
      uname -a
      2⤵
        PID:1536
      • /bin/cat
        cat /proc/cpuinfo
        2⤵
        • Checks CPU configuration
        PID:1537
      • /bin/cat
        cat /etc/issue
        2⤵
          PID:1538
        • /usr/bin/free
          free -m
          2⤵
          • Reads CPU attributes
          • Reads runtime system information
          PID:1539
        • /usr/bin/uptime
          uptime
          2⤵
          • Virtualization/Sandbox Evasion: Time Based Evasion
          • Reads CPU attributes
          PID:1540
        • /bin/journalctl
          journalctl -S "@0" -u sshd
          2⤵
          • Reads runtime system information
          PID:1545
        • /bin/cat
          cat "/var/log/auth*"
          2⤵
            PID:1546
          • /bin/zcat
            zcat "/var/log/auth*"
            2⤵
              PID:1547
            • /bin/gzip
              gzip -cd "/var/log/auth*"
              2⤵
              • System Network Configuration Discovery
              PID:1547
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1548
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              • Reads runtime system information
              PID:1549
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1550
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1551
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1554
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1555
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1556
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1557
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1558
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              • Reads runtime system information
              PID:1559
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1560
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1561
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1562
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1563
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              • Reads runtime system information
              PID:1564
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              • Reads runtime system information
              PID:1565
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1566
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1567
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1568
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1569
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1570
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1571
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              • Reads runtime system information
              PID:1572
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1573
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1574
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1575
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              • Reads runtime system information
              PID:1576
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              • Reads runtime system information
              PID:1577

          Network

            No results found

          MITRE ATT&CK Enterprise v15


          Downloads

          • /root/.ssh/authorized_keys

            Filesize

            381B

            MD5

            9da18d38b6dd4c4aa84642378d63fa89

            SHA1

            c5a976691e4b5963b5e760044f22cc9685268db6

            SHA256

            43062900b2539d8d1f67f30fa7042c56b53541f63875b5f0de5d8fbde0e0a8bf

            SHA512

            222b20b5b2ff8956c13dbac1f8d3f81435613b751913d65f4c4082ea9c1a7c8ae91be17a24ef4ae0c708bfe09daab552bb209615714d70acfaaed89c536c71b3
