Resubmissions

11/04/2025, 21:31 UTC

250411-1cz7lazpx8 10

Analysis

  • max time kernel
    29s
  • max time network
    2s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20250307-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20250307-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    11/04/2025, 21:31 UTC

General

  • Target

    The-MALWARE-Repo-master/Botnets/FritzFrog/985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86

  • Size

    8.7MB

  • MD5

    c947363b50231882723bd6b07bc291ca

  • SHA1

    7b9a425f09da9be5dda5facff18c5fd15eed253a

  • SHA256

    985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86

  • SHA512

    45f511f6fe78bba853789f85549c8ac591b7812e2fc969a13148bbd1112fa356f6a1ee88a22a907e7f62ef79a0d14d75681eecd2a17f027d105afd381f161184

  • SSDEEP

    98304:vM6uc5LRC1PApsX8mygFiQS8Mi0e6oIOPxOGdG20t7Xk:vM6uc5LRCepmPEQXMir6oIOPoCM

Malware Config

Signatures

  • Adds new SSH keys 1 TTPs 1 IoCs

    Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.

  • Deletes itself 1 IoCs
  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Virtualization/Sandbox Evasion: Time Based Evasion 1 TTPs 3 IoCs

    Adversaries may detect and evade virtualized environments and sandboxes.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicates whether the system is a virtual machine.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 4 IoCs

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86
    /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86
    1⤵
    • Adds new SSH keys
    • Deletes itself
    • Deletes log files
    • Reads runtime system information
    • Writes file to tmp directory
    PID:2534
    • /usr/bin/uname
      uname -a
      2⤵
      PID:2549
    • /usr/bin/cat
      cat /proc/cpuinfo
      2⤵
      • Checks CPU configuration
      PID:2550
    • /usr/bin/cat
      cat /etc/issue
      2⤵
      PID:2552
    • /usr/bin/free
      free -m
      2⤵
      PID:2553
    • /usr/bin/uptime
      uptime
      2⤵
      • Virtualization/Sandbox Evasion: Time Based Evasion
      PID:2554
    • /usr/bin/journalctl
      journalctl -S "@0" -u sshd
      2⤵
      • Reads runtime system information
      PID:2561
    • /usr/bin/cat
      cat "/var/log/auth*"
      2⤵
      PID:2563
    • /usr/bin/zcat
      zcat "/var/log/auth*"
      2⤵
      PID:2564
    • /usr/local/sbin/gzip
      gzip -cd "/var/log/auth*"
      2⤵
      • System Network Configuration Discovery
      PID:2564
    • /usr/local/bin/gzip
      gzip -cd "/var/log/auth*"
      2⤵
      • System Network Configuration Discovery
      PID:2564
    • /usr/sbin/gzip
      gzip -cd "/var/log/auth*"
      2⤵
      • System Network Configuration Discovery
      PID:2564
    • /usr/bin/gzip
      gzip -cd "/var/log/auth*"
      2⤵
      • System Network Configuration Discovery
      PID:2564
    • /usr/bin/free
      free -m
      2⤵
      PID:2565
    • /usr/bin/uptime
      uptime
      2⤵
      • Virtualization/Sandbox Evasion: Time Based Evasion
      • Reads runtime system information
      PID:2566
    • /usr/bin/free
      free -m
      2⤵
      PID:2567
    • /usr/bin/uptime
      uptime
      2⤵
      • Virtualization/Sandbox Evasion: Time Based Evasion
      PID:2568

Network

  No results found
  • 224.0.0.251:5353
    73 B
    1

MITRE ATT&CK Enterprise v16

Downloads

  • /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/nc

    Filesize

    8.7MB

    MD5

    c947363b50231882723bd6b07bc291ca

    SHA1

    7b9a425f09da9be5dda5facff18c5fd15eed253a

    SHA256

    985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86

    SHA512

    45f511f6fe78bba853789f85549c8ac591b7812e2fc969a13148bbd1112fa356f6a1ee88a22a907e7f62ef79a0d14d75681eecd2a17f027d105afd381f161184
