General

  • Target

    57ee14b30b52577e4600c1326d6b7918f06521468a4750317047442b4ce01bfc

  • Size

    611KB

  • Sample

    220527-xpx18ahbd3

  • MD5

    051537e40feb2b11b674dadabad2c505

  • SHA1

    0944493b4fe9d255da9df5816bd9bc6766ffb92f

  • SHA256

    57ee14b30b52577e4600c1326d6b7918f06521468a4750317047442b4ce01bfc

  • SHA512

    33421ca0f404e7c91c1f205c6b34aaecf8a499f213a53afdc0ce66cc235c2cd1d5996a4cd951d2ede9182cc6ee07a7ee301fd6f36dca860bf37268e1d015c1f1

Malware Config

Targets


    Score
    10/10
    • suricata: ET MALWARE DDoS.XOR Checkin

    • suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks