Coming Out of Your Shell: From Shlayer to ZShlayer
Tags
attack-pattern: Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID ad647e95-a19e-4ea3-9f35-5675a3e66d4f
Fingerprint 3c0999112dfe9182
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 8, 2020, midnight
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Oct. 16, 2024, 1:49 a.m.
Headline Coming Out of Your Shell: From Shlayer to ZShlayer
Title Coming Out of Your Shell: From Shlayer to ZShlayer
Detected Hints/Tags/Attributes 35/1/20
Source URLs
Redirection Url
Details Source https://www.sentinelone.com/blog/coming-out-of-your-shell-from-shlayer-to-zshlayer/
URL Provider
Details Provider Source level domain
Details sentinelone.com www.sentinelone.com
Attributes
Details Type #Events CTI Value
Details Domain 16 
installer.app
Details Domain 11 
player.app
Details Domain 1 
dqb2corklaq0k.cloudfront.net
Details File 4 
main.png
Details File 1 
zshlayer_decode.py
Details sha256 1 
c561d62c786c757a660c47d133b6d23e030a40c4aa08aebe44b8c4a7711da580
Details sha256 1 
05b0a4a31f38225d5ad9d133d08c892645639c4661b3e239ef2094381366cb62
Details sha256 1 
269d5f15da3bc3522ca53a3399dbaf4848f86de35d78c636a78336d46c23951c
Details sha256 1 
e3292268c1d0830e76c3e80b4ea57921b9171027e07f064ef3b867b6d0450191
Details sha256 1 
93ff20ff59d4e82e9c0e3b08037c48886dc54b8ed37c19894e0a65c1af8612f6
Details sha256 1 
16885c2443b610d80b30828b1445ca326adb727c48f06d073e4dcb70fe3e5c2e
Details sha256 1 
1bc5d3cb3d885fad8230e01dc5f86145d16ed5552a0fa8725689635b96b681e1
Details sha256 1 
f6cb7f9593d85f0cd1e81d5b9f520b74d9bf5e829206cefe05b956c0f7638c28
Details sha256 1 
3e20c0b2979a368c7d38cf305f1f60693375165bb76150ad80dbd34e7e0550ed
Details sha256 1 
c319761789afb6aa9cddadf340dfa2d4d659e4b420d6dfde9640cdc4c1d813b7
Details sha256 1 
823c4d39b0d93a1358b4fa02539868944ce15df91f78a1142be26edf07a64a5a
Details sha256 1 
45d50559f73e7c12f1d9aa06283182cb67ac953d285f044e77447569ca8a278c
Details sha256 1 
f94c8712dd7716cfeac79e6e59fdca07db4452c5d239593f421f97246ee8ef41
Details IPv4 1 
13.226.23.203
Details Url 1 
http://dqb2corklaq0k.cloudfront.net