General
Target: 2BAFxor.o
Size: 611KB
Sample: 220602-ve6t9scebq
MD5: cc3cfcdb09c10250d5b6430a1ffa5340
SHA1: d31cd0f813ac9a6f997d7d5a0cabac6d078907e2
SHA256: 2baf73eae1c5135acf10290b063d0a65827611ba6874a326883d9be3b238a1b6
SHA512: a519cd6606a3383dbfb80d0ab96877d416bc089f5076b92b47e31edc3e0ef7b6ed21e38e4577e063a48c97d1842557667bef046a70be87b5d71792ab14a988b5
Static task: static1
Behavioral task: behavioral1
Sample: 2BAFxor.o
Resource: ubuntu1804-amd64-en-20211208
Malware Config
Extracted
xorddos
http://pcdown.gddos.com:8080
soft8.gddos.com:25
103.233.83.245:25
baidu.gddos.com:25
Targets
Target: 2BAFxor.o
Score: 9/10
Writes file to system bin folder
Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Write file to user bin folder
Reads runtime system information: Reads data from /proc virtual filesystem.
Writes file to tmp directory: Malware often drops required files in the /tmp directory.