xorddos | 2baf73eae1c5135acf10290b063d0a65827611ba6874a326883d9be3b238a1b6 | Triage

Resubmissions

02-06-2022 16:55

220602-ve6t9scebq 10

09-04-2022 21:37

220409-1gfnradag2 9

Sharing

General

Target

2BAFxor.o
Size

611KB
Sample

220602-ve6t9scebq
MD5

cc3cfcdb09c10250d5b6430a1ffa5340
SHA1

d31cd0f813ac9a6f997d7d5a0cabac6d078907e2
SHA256

2baf73eae1c5135acf10290b063d0a65827611ba6874a326883d9be3b238a1b6
SHA512

a519cd6606a3383dbfb80d0ab96877d416bc089f5076b92b47e31edc3e0ef7b6ed21e38e4577e063a48c97d1842557667bef046a70be87b5d71792ab14a988b5

Score

10^/10

xorddos linux persistence

Malware Config

Extracted

Family

xorddos

C2

http://pcdown.gddos.com:8080

soft8.gddos.com:25

103.233.83.245:25

baidu.gddos.com:25

Targets

- Target
  
  2BAFxor.o
- Size
  
  611KB
- MD5
  
  cc3cfcdb09c10250d5b6430a1ffa5340
- SHA1
  
  d31cd0f813ac9a6f997d7d5a0cabac6d078907e2
- SHA256
  
  2baf73eae1c5135acf10290b063d0a65827611ba6874a326883d9be3b238a1b6
- SHA512
  
  a519cd6606a3383dbfb80d0ab96877d416bc089f5076b92b47e31edc3e0ef7b6ed21e38e4577e063a48c97d1842557667bef046a70be87b5d71792ab14a988b5
Score

9^/10

persistence
- Writes file to system bin folder
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Write file to user bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Hijack Execution Flow

Scheduled Task

Boot or Logon Autostart Execution

Privilege Escalation

Hijack Execution Flow

Scheduled Task

Boot or Logon Autostart Execution

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1