Overview

overview

10

Static

static

10

The-MALWAR...ot.exe

windows10-2004-x64

10

The-MALWAR...ll.exe

windows10-2004-x64

10

The-MALWAR...BS.exe

windows10-2004-x64

10

The-MALWAR...in.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows10-2004-x64

10

The-MALWAR....A.dll

windows10-2004-x64

7

The-MALWAR...r.xlsm

windows10-2004-x64

10

The-MALWAR...36c859

ubuntu-24.04-amd64

8

The-MALWAR...caa742

ubuntu-24.04-amd64

8

The-MALWAR...c1a732

ubuntu-24.04-amd64

8

The-MALWAR...57c046

ubuntu-24.04-amd64

8

The-MALWAR...460a01

ubuntu-24.04-amd64

8

The-MALWAR...ece0c5

ubuntu-24.04-amd64

8

The-MALWAR...257619

ubuntu-18.04-amd64

8

The-MALWAR...fbcc59

ubuntu-24.04-amd64

8

The-MALWAR...54f69c

ubuntu-24.04-amd64

8

The-MALWAR...d539a6

ubuntu-24.04-amd64

8

The-MALWAR...4996dd

ubuntu-24.04-amd64

8

The-MALWAR...8232d5

ubuntu-18.04-amd64

8

The-MALWAR...66b948

ubuntu-22.04-amd64

8

The-MALWAR...f9db86

ubuntu-24.04-amd64

8

The-MALWAR...ea2485

ubuntu-24.04-amd64

8

The-MALWAR...us.exe

windows10-2004-x64

7

The-MALWAR....a.exe

windows10-2004-x64

3

The-MALWAR....a.exe

windows10-2004-x64

7

The-MALWAR...ok.exe

windows10-2004-x64

1

The-MALWAR...y.html

windows10-2004-x64

4

The-MALWAR...ft.exe

windows10-2004-x64

4

The-MALWAR...en.exe

windows10-2004-x64

6

The-MALWAR...ve.apk

android-9-x86

The-MALWAR...ve.apk

android-10-x64

Resubmissions

11/04/2025, 21:31

250411-1cz7lazpx8 10

Analysis

  • max time kernel
    29s
  • max time network
    2s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20250410-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20250410-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    11/04/2025, 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c

  • Size

    8.7MB

  • MD5

    3fe7b88a9ba6c5acee4faae760642b78

  • SHA1

    bae245bc98c516604838c6ce5a233f066de44a50

  • SHA256

    6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c

  • SHA512

    02abc8d4fe280306a9ac6a25d28cf174a8d51a43d98b6837bc129701d8c0ab486eebaeef11062b58c455627d4de7c8782b3828aa02891fe439ca1ca617038f95

  • SSDEEP

    98304:g4K0/V2eKEDj+VK61qXXiQqwMwUa/f0OstejSUVv7Xk:g4K0/V2eKM+D4SQbMwX/f0Oskz

Score
8/10
antivmdefense_evasiondiscoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Adds new SSH keys 1 TTPs 1 IoCs

    Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.

    persistenceprivilege_escalation
  • Deletes itself 1 IoCs
  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

    defense_evasion
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Virtualization/Sandbox Evasion: Time Based Evasion 1 TTPs 3 IoCs

    Adversaries may detect and evade virtualized environments and sandboxes.

    defense_evasion
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • System Network Configuration Discovery 1 TTPs 4 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
    /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
    1⤵
    • Adds new SSH keys
    • Deletes itself
    • Deletes log files
    • Reads runtime system information
    • Writes file to tmp directory
    PID:2010
    • /usr/bin/uname
      uname -a
      2⤵
        PID:2022
      • /usr/bin/cat
        cat /proc/cpuinfo
        2⤵
        • Checks CPU configuration
        PID:2025
      • /usr/bin/cat
        cat /etc/issue
        2⤵
          PID:2028
        • /usr/bin/free
          free -m
          2⤵
            PID:2029
          • /usr/bin/uptime
            uptime
            2⤵
            • Virtualization/Sandbox Evasion: Time Based Evasion
            • Reads runtime system information
            PID:2030
          • /usr/bin/journalctl
            journalctl -S "@0" -u sshd
            2⤵
            • Reads runtime system information
            PID:2031
          • /usr/bin/cat
            cat "/var/log/auth*"
            2⤵
              PID:2033
            • /usr/bin/zcat
              zcat "/var/log/auth*"
              2⤵
                PID:2034
              • /usr/local/sbin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                • System Network Configuration Discovery
                PID:2034
              • /usr/local/bin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                • System Network Configuration Discovery
                PID:2034
              • /usr/sbin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                • System Network Configuration Discovery
                PID:2034
              • /usr/bin/gzip
                gzip -cd "/var/log/auth*"
                2⤵
                • System Network Configuration Discovery
                PID:2034
              • /usr/bin/free
                free -m
                2⤵
                • Reads runtime system information
                PID:2035
              • /usr/bin/uptime
                uptime
                2⤵
                • Virtualization/Sandbox Evasion: Time Based Evasion
                PID:2036
              • /usr/bin/free
                free -m
                2⤵
                  PID:2037
                • /usr/bin/uptime
                  uptime
                  2⤵
                  • Virtualization/Sandbox Evasion: Time Based Evasion
                  PID:2038

              Network

              MITRE ATT&CK Enterprise v16

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/nc
                Filesize

                8.7MB

                MD5

                3fe7b88a9ba6c5acee4faae760642b78

                SHA1

                bae245bc98c516604838c6ce5a233f066de44a50

                SHA256

                6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c

                SHA512

                02abc8d4fe280306a9ac6a25d28cf174a8d51a43d98b6837bc129701d8c0ab486eebaeef11062b58c455627d4de7c8782b3828aa02891fe439ca1ca617038f95

                Download Submit