Overview
overview
10Static
static
10The-MALWAR...ot.exe
windows10-2004-x64
10The-MALWAR...ll.exe
windows10-2004-x64
10The-MALWAR...BS.exe
windows10-2004-x64
10The-MALWAR...in.exe
windows10-2004-x64
7The-MALWAR....A.exe
windows10-2004-x64
7The-MALWAR....A.exe
windows10-2004-x64
10The-MALWAR....A.dll
windows10-2004-x64
7The-MALWAR...r.xlsm
windows10-2004-x64
10The-MALWAR...36c859
ubuntu-24.04-amd64
8The-MALWAR...caa742
ubuntu-24.04-amd64
8The-MALWAR...c1a732
ubuntu-24.04-amd64
8The-MALWAR...57c046
ubuntu-24.04-amd64
8The-MALWAR...460a01
ubuntu-24.04-amd64
8The-MALWAR...ece0c5
ubuntu-24.04-amd64
8The-MALWAR...257619
ubuntu-18.04-amd64
8The-MALWAR...fbcc59
ubuntu-24.04-amd64
8The-MALWAR...54f69c
ubuntu-24.04-amd64
8The-MALWAR...d539a6
ubuntu-24.04-amd64
8The-MALWAR...4996dd
ubuntu-24.04-amd64
8The-MALWAR...8232d5
ubuntu-18.04-amd64
8The-MALWAR...66b948
ubuntu-22.04-amd64
8The-MALWAR...f9db86
ubuntu-24.04-amd64
8The-MALWAR...ea2485
ubuntu-24.04-amd64
8The-MALWAR...us.exe
windows10-2004-x64
7The-MALWAR....a.exe
windows10-2004-x64
3The-MALWAR....a.exe
windows10-2004-x64
7The-MALWAR...ok.exe
windows10-2004-x64
1The-MALWAR...y.html
windows10-2004-x64
4The-MALWAR...ft.exe
windows10-2004-x64
4The-MALWAR...en.exe
windows10-2004-x64
6The-MALWAR...ve.apk
android-9-x86
The-MALWAR...ve.apk
android-10-x64
Resubmissions
11/04/2025, 21:31
250411-1cz7lazpx8 10Analysis
-
max time kernel
29s -
max time network
2s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20250410-en -
resource tags
arch:amd64arch:i386image:ubuntu2404-amd64-20250410-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system -
submitted
11/04/2025, 21:31
Static task
static1
Behavioral task
behavioral1
Sample
The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe
Resource
win10v2004-20250314-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.exe
Resource
win10v2004-20250410-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.exe
Resource
win10v2004-20250410-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe
Resource
win10v2004-20250314-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
Resource
win10v2004-20250314-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
Resource
win10v2004-20250410-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.dll
Resource
win10v2004-20250410-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm
Resource
win10v2004-20250410-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
Resource
ubuntu2404-amd64-20250410-en
ubuntu-24.04-amd64
Behavioral task
behavioral10
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
Resource
ubuntu2404-amd64-20250410-en
ubuntu-24.04-amd64
Behavioral task
behavioral11
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
Resource
ubuntu2404-amd64-20250307-en
ubuntu-24.04-amd64
Behavioral task
behavioral12
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
Resource
ubuntu2404-amd64-20250410-en
ubuntu-24.04-amd64
Behavioral task
behavioral13
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
Resource
ubuntu2404-amd64-20250410-en
ubuntu-24.04-amd64
Behavioral task
behavioral14
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
Resource
ubuntu2404-amd64-20250410-en
ubuntu-24.04-amd64
Behavioral task
behavioral15
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
Resource
ubuntu1804-amd64-20250410-en
ubuntu-18.04-amd64
Behavioral task
behavioral16
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
Resource
ubuntu2404-amd64-20250307-en
ubuntu-24.04-amd64
Behavioral task
behavioral17
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
Resource
ubuntu2404-amd64-20250410-en
ubuntu-24.04-amd64
Behavioral task
behavioral18
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
Resource
ubuntu2404-amd64-20250410-en
ubuntu-24.04-amd64
Behavioral task
behavioral19
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
Resource
ubuntu2404-amd64-20250307-en
ubuntu-24.04-amd64
Behavioral task
behavioral20
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
Behavioral task
behavioral21
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
Resource
ubuntu2204-amd64-20250410-en
ubuntu-22.04-amd64
Behavioral task
behavioral22
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86
Resource
ubuntu2404-amd64-20250307-en
ubuntu-24.04-amd64
Behavioral task
behavioral23
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485
Resource
ubuntu2404-amd64-20250410-en
ubuntu-24.04-amd64
Behavioral task
behavioral24
Sample
The-MALWARE-Repo-master/Email-Worm/Amus.exe
Resource
win10v2004-20250314-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
The-MALWARE-Repo-master/Email-Worm/Anap.a.exe
Resource
win10v2004-20250410-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
The-MALWARE-Repo-master/Email-Worm/Axam.a.exe
Resource
win10v2004-20250410-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
The-MALWARE-Repo-master/Email-Worm/Brontok.exe
Resource
win10v2004-20250410-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
The-MALWARE-Repo-master/Email-Worm/BubbleBoy.html
Resource
win10v2004-20250314-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
The-MALWARE-Repo-master/Email-Worm/Bugsoft.exe
Resource
win10v2004-20250410-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
The-MALWARE-Repo-master/Email-Worm/Duksten.exe
Resource
win10v2004-20250410-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
The-MALWARE-Repo-master/Trojan/Grave.apk
Resource
android-x86-arm-20240910-en
android-9-x86
Behavioral task
behavioral32
Sample
The-MALWARE-Repo-master/Trojan/Grave.apk
Resource
android-x64-20240910-en
android-10-x64
General
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
-
Size
8.7MB
-
MD5
799c965e0a5a132ec2263d5fea0b0e1c
-
SHA1
a15c5a706122fabdef1989c893c72c6530fedcb4
-
SHA256
001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
-
SHA512
6c481a855ee6f81dd388c8a4623e519bfbb9f496dada93672360f0a7476fb2b32fd261324156fd4729cef3cbe13f0a8b5862fe47b6db1860d0d67a77283b5ad8
-
SSDEEP
98304:VqGMOLT5E2Dy8Ji6LrDl3bTMsEplZ1GW5w+Aw:wGMOLTmaHjLXl3bTMsEpf1x5
Malware Config
Signatures
-
Adds new SSH keys 1 TTPs 1 IoCs
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
description ioc Process File opened for modification /root/.ssh/authorized_keys 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 -
Deletes itself 1 IoCs
pid Process 2021 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 -
description ioc Process File deleted /var/log/tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 -
Enumerates running processes
Discovers information about currently running processes on the system
-
Virtualization/Sandbox Evasion: Time Based Evasion 1 TTPs 3 IoCs
Adversaries may detect and evade virtualized environments and sandboxes.
pid Process 2040 uptime 2046 uptime 2048 uptime -
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo cat -
Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description ioc Process File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 -
description ioc Process File opened for reading /proc/2021/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1520/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/198/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/788/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1285/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/861/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/32/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/861/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1364/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1486/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/274/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/430/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1413/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1449/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1477/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/2018/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/430/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1036/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/27/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/32/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1284/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1751/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/sys/kernel/cap_last_cap journalctl File opened for reading /proc/28/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1447/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1450/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/198/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/437/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1008/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1309/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/19/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/22/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/753/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/80/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/2027/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1781/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/65/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1777/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/202/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1432/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1477/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/17/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1762/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/20/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/52/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1341/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/38/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/385/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/uptime uptime File opened for reading /proc/1399/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/43/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1367/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1731/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/191/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/34/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/44/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/982/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/1004/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/17/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/789/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/48/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/590/stat 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 File opened for reading /proc/loadavg uptime File opened for reading /proc/1543/cmdline 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859 -
System Network Configuration Discovery 1 TTPs 4 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 2044 gzip 2044 gzip 2044 gzip 2044 gzip -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/nc 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
Processes
-
/tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859/tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c8591⤵
- Adds new SSH keys
- Deletes itself
- Deletes log files
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:2021 -
/usr/bin/unameuname -a2⤵PID:2036
-
-
/usr/bin/catcat /proc/cpuinfo2⤵
- Checks CPU configuration
PID:2037
-
-
/usr/bin/catcat /etc/issue2⤵PID:2038
-
-
/usr/bin/freefree -m2⤵PID:2039
-
-
/usr/bin/uptimeuptime2⤵
- Virtualization/Sandbox Evasion: Time Based Evasion
PID:2040
-
-
/usr/bin/journalctljournalctl -S "@0" -u sshd2⤵
- Reads runtime system information
PID:2041
-
-
/usr/bin/catcat "/var/log/auth*"2⤵PID:2043
-
-
/usr/bin/zcatzcat "/var/log/auth*"2⤵PID:2044
-
-
/usr/local/sbin/gzipgzip -cd "/var/log/auth*"2⤵
- System Network Configuration Discovery
PID:2044
-
-
/usr/local/bin/gzipgzip -cd "/var/log/auth*"2⤵
- System Network Configuration Discovery
PID:2044
-
-
/usr/sbin/gzipgzip -cd "/var/log/auth*"2⤵
- System Network Configuration Discovery
PID:2044
-
-
/usr/bin/gzipgzip -cd "/var/log/auth*"2⤵
- System Network Configuration Discovery
PID:2044
-
-
/usr/bin/freefree -m2⤵PID:2045
-
-
/usr/bin/uptimeuptime2⤵
- Virtualization/Sandbox Evasion: Time Based Evasion
- Reads runtime system information
PID:2046
-
-
/usr/bin/freefree -m2⤵PID:2047
-
-
/usr/bin/uptimeuptime2⤵
- Virtualization/Sandbox Evasion: Time Based Evasion
- Reads runtime system information
PID:2048
-
Network
MITRE ATT&CK Enterprise v16
Defense Evasion
Indicator Removal
1Clear Linux or Mac System Logs
1Virtualization/Sandbox Evasion
2System Checks
1Time Based Evasion
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8.7MB
MD5799c965e0a5a132ec2263d5fea0b0e1c
SHA1a15c5a706122fabdef1989c893c72c6530fedcb4
SHA256001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
SHA5126c481a855ee6f81dd388c8a4623e519bfbb9f496dada93672360f0a7476fb2b32fd261324156fd4729cef3cbe13f0a8b5862fe47b6db1860d0d67a77283b5ad8