Overview

overview

10

Static

static

10

The-MALWAR...ot.exe

windows7-x64

10

The-MALWAR...ot.exe

windows10-2004-x64

10

The-MALWAR...ll.exe

windows7-x64

10

The-MALWAR...ll.exe

windows10-2004-x64

10

The-MALWAR...BS.exe

windows7-x64

10

The-MALWAR...BS.exe

windows10-2004-x64

10

The-MALWAR...in.exe

windows7-x64

7

The-MALWAR...in.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows7-x64

7

The-MALWAR....A.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows7-x64

10

The-MALWAR....A.exe

windows10-2004-x64

10

The-MALWAR....A.dll

windows7-x64

7

The-MALWAR....A.dll

windows10-2004-x64

6

The-MALWAR...r.xlsm

windows7-x64

10

The-MALWAR...r.xlsm

windows10-2004-x64

10

The-MALWAR...36c859

ubuntu-22.04-amd64

8

The-MALWAR...caa742

ubuntu-22.04-amd64

8

The-MALWAR...c1a732

ubuntu-24.04-amd64

8

The-MALWAR...57c046

ubuntu-24.04-amd64

8

The-MALWAR...4cde86

ubuntu-24.04-amd64

8

The-MALWAR...460a01

ubuntu-24.04-amd64

8

The-MALWAR...ece0c5

ubuntu-20.04-amd64

8

The-MALWAR...257619

ubuntu-24.04-amd64

8

The-MALWAR...fbcc59

ubuntu-22.04-amd64

8

The-MALWAR...54f69c

ubuntu-24.04-amd64

8

The-MALWAR...d539a6

ubuntu-22.04-amd64

8

The-MALWAR...4996dd

ubuntu-24.04-amd64

8

The-MALWAR...8232d5

ubuntu-18.04-amd64

8

The-MALWAR...66b948

ubuntu-24.04-amd64

8

The-MALWAR...f9db86

ubuntu-24.04-amd64

8

The-MALWAR...ea2485

ubuntu-24.04-amd64

8

Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240729-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240729-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    18/01/2025, 04:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5

  • Size

    8.7MB

  • MD5

    100bff2f4ee4d88b005bb016daa04fe6

  • SHA1

    36e5f8f70890601aa2adaffb203afd06516097f0

  • SHA256

    90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5

  • SHA512

    a1cb52bc6edaa7f8bb216d2a5f3deb0b8468c64b43931ef570c05e6a9872c63f00aff50d69686fdc2ea25d3d83da4bf9d78f5e6910643163570d0bd6279c6e16

  • SSDEEP

    98304:wRINZeR9Zy031d3eDi2dZQT3/S1GVlOre53ziKZ7Xk:wRINZeR9Zx1CFDQD/SQVlOrKr

Score
8/10
antivmdefense_evasiondiscoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Adds new SSH keys 1 TTPs 1 IoCs

    Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.

    persistenceprivilege_escalation
  • Deletes itself 1 IoCs
  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

    defense_evasion
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Virtualization/Sandbox Evasion: Time Based Evasion 1 TTPs 15 IoCs

    Adversaries may detect and evade virtualized environments and sandboxes.

    defense_evasion
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads CPU attributes 1 TTPs 30 IoCs
    discovery
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • System Network Configuration Discovery 1 TTPs 1 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery

Processes

  • /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
    /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
    1⤵
    • Adds new SSH keys
    • Deletes itself
    • Deletes log files
    • Reads runtime system information
    PID:1526
    • /bin/uname
      uname -a
      2⤵
        PID:1536
      • /bin/cat
        cat /proc/cpuinfo
        2⤵
        • Checks CPU configuration
        PID:1537
      • /bin/cat
        cat /etc/issue
        2⤵
          PID:1538
        • /usr/bin/free
          free -m
          2⤵
          • Reads CPU attributes
          • Reads runtime system information
          PID:1539
        • /usr/bin/uptime
          uptime
          2⤵
          • Virtualization/Sandbox Evasion: Time Based Evasion
          • Reads CPU attributes
          PID:1540
        • /bin/journalctl
          journalctl -S "@0" -u sshd
          2⤵
          • Reads runtime system information
          PID:1545
        • /bin/cat
          cat "/var/log/auth*"
          2⤵
            PID:1546
          • /bin/zcat
            zcat "/var/log/auth*"
            2⤵
              PID:1547
            • /bin/gzip
              gzip -cd "/var/log/auth*"
              2⤵
              • System Network Configuration Discovery
              PID:1547
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1548
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              • Reads runtime system information
              PID:1549
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1550
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1551
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1554
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1555
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1556
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1557
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1558
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              • Reads runtime system information
              PID:1559
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1560
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1561
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1562
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1563
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              • Reads runtime system information
              PID:1564
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              • Reads runtime system information
              PID:1565
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1566
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1567
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1568
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1569
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1570
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1571
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              • Reads runtime system information
              PID:1572
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1573
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              PID:1574
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              PID:1575
            • /usr/bin/free
              free -m
              2⤵
              • Reads CPU attributes
              • Reads runtime system information
              PID:1576
            • /usr/bin/uptime
              uptime
              2⤵
              • Virtualization/Sandbox Evasion: Time Based Evasion
              • Reads CPU attributes
              • Reads runtime system information
              PID:1577

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /root/.ssh/authorized_keys
            Filesize

            381B

            MD5

            9da18d38b6dd4c4aa84642378d63fa89

            SHA1

            c5a976691e4b5963b5e760044f22cc9685268db6

            SHA256

            43062900b2539d8d1f67f30fa7042c56b53541f63875b5f0de5d8fbde0e0a8bf

            SHA512

            222b20b5b2ff8956c13dbac1f8d3f81435613b751913d65f4c4082ea9c1a7c8ae91be17a24ef4ae0c708bfe09daab552bb209615714d70acfaaed89c536c71b3

            Download Submit