Overview

overview

10

Static

static

10

The-MALWAR...ot.exe

windows10-2004-x64

10

The-MALWAR...ll.exe

windows10-2004-x64

10

The-MALWAR...BS.exe

windows10-2004-x64

10

The-MALWAR...in.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows10-2004-x64

10

The-MALWAR....A.dll

windows10-2004-x64

7

The-MALWAR...r.xlsm

windows10-2004-x64

10

The-MALWAR...36c859

ubuntu-24.04-amd64

8

The-MALWAR...caa742

ubuntu-24.04-amd64

8

The-MALWAR...c1a732

ubuntu-24.04-amd64

8

The-MALWAR...57c046

ubuntu-24.04-amd64

8

The-MALWAR...460a01

ubuntu-24.04-amd64

8

The-MALWAR...ece0c5

ubuntu-24.04-amd64

8

The-MALWAR...257619

ubuntu-18.04-amd64

8

The-MALWAR...fbcc59

ubuntu-24.04-amd64

8

The-MALWAR...54f69c

ubuntu-24.04-amd64

8

The-MALWAR...d539a6

ubuntu-24.04-amd64

8

The-MALWAR...4996dd

ubuntu-24.04-amd64

8

The-MALWAR...8232d5

ubuntu-18.04-amd64

8

The-MALWAR...66b948

ubuntu-22.04-amd64

8

The-MALWAR...f9db86

ubuntu-24.04-amd64

8

The-MALWAR...ea2485

ubuntu-24.04-amd64

8

The-MALWAR...us.exe

windows10-2004-x64

7

The-MALWAR....a.exe

windows10-2004-x64

3

The-MALWAR....a.exe

windows10-2004-x64

7

The-MALWAR...ok.exe

windows10-2004-x64

1

The-MALWAR...y.html

windows10-2004-x64

4

The-MALWAR...ft.exe

windows10-2004-x64

4

The-MALWAR...en.exe

windows10-2004-x64

6

The-MALWAR...ve.apk

android-9-x86

The-MALWAR...ve.apk

android-10-x64

Resubmissions

11/04/2025, 21:31

250411-1cz7lazpx8 10

Analysis

  • max time kernel
    29s
  • max time network
    2s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20250410-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20250410-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    11/04/2025, 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5

  • Size

    8.7MB

  • MD5

    8f0cb7af15afe40ed85f35e1b40b8f38

  • SHA1

    525f97d6e7e3cbb611a1cf37e955c0656f4b3c06

  • SHA256

    3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5

  • SHA512

    bd9e97b4042d89e081eced5781149b0d8e28a6e9d35c2a449a21aee26765ed8eea560434ba5e9a897c4e4c89d7a2b8997e31ad4ac2202a940b8731a5f447170d

  • SSDEEP

    98304:xFjhn+LznCFajBKs/Q1N4KGWISZOLor5lkFIGGw+Aw:Hjhn+HCS4s41N4KGWISZd5lrGG

Score
8/10
antivmdefense_evasiondiscoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Adds new SSH keys 1 TTPs 1 IoCs

    Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.

    persistenceprivilege_escalation
  • Deletes itself 1 IoCs
  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

    defense_evasion
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Virtualization/Sandbox Evasion: Time Based Evasion 1 TTPs 3 IoCs

    Adversaries may detect and evade virtualized environments and sandboxes.

    defense_evasion
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

    discovery
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • System Network Configuration Discovery 1 TTPs 4 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
    /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
    1⤵
    • Adds new SSH keys
    • Deletes itself
    • Deletes log files
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    • Writes file to tmp directory
    PID:2018
    • /usr/bin/uname
      uname -a
      2⤵
        PID:2031
      • /usr/bin/cat
        cat /proc/cpuinfo
        2⤵
        • Checks CPU configuration
        PID:2032
      • /usr/bin/cat
        cat /etc/issue
        2⤵
          PID:2035
        • /usr/bin/free
          free -m
          2⤵
            PID:2036
          • /usr/bin/uptime
            uptime
            2⤵
            • Virtualization/Sandbox Evasion: Time Based Evasion
            • Reads runtime system information
            PID:2037
          • /usr/bin/journalctl
            journalctl -S "@0" -u sshd
            2⤵
            • Reads runtime system information
            PID:2038
          • /usr/bin/cat
            cat "/var/log/auth*"
            2⤵
              PID:2040
            • /usr/bin/zcat
              zcat "/var/log/auth*"
              2⤵
                PID:2041
              • /usr/local/sbin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                • System Network Configuration Discovery
                PID:2041
              • /usr/local/bin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                • System Network Configuration Discovery
                PID:2041
              • /usr/sbin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                • System Network Configuration Discovery
                PID:2041
              • /usr/bin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                • System Network Configuration Discovery
                PID:2041
              • /usr/bin/free
                free -m
                2⤵
                  PID:2042
                • /usr/bin/uptime
                  uptime
                  2⤵
                  • Virtualization/Sandbox Evasion: Time Based Evasion
                  PID:2043
                • /usr/bin/free
                  free -m
                  2⤵
                    PID:2044
                  • /usr/bin/uptime
                    uptime
                    2⤵
                    • Virtualization/Sandbox Evasion: Time Based Evasion
                    PID:2045

                Network

                MITRE ATT&CK Enterprise v16

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/nc
                  Filesize

                  8.7MB

                  MD5

                  8f0cb7af15afe40ed85f35e1b40b8f38

                  SHA1

                  525f97d6e7e3cbb611a1cf37e955c0656f4b3c06

                  SHA256

                  3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5

                  SHA512

                  bd9e97b4042d89e081eced5781149b0d8e28a6e9d35c2a449a21aee26765ed8eea560434ba5e9a897c4e4c89d7a2b8997e31ad4ac2202a940b8731a5f447170d

                  Download Submit