General
-
Target
72Fxor.o
-
Size
525KB
-
Sample
220602-vesbwacebm
-
MD5
1a0e8787503fd9777f08c0b2f4bc8a53
-
SHA1
9881f9d168e6cbba550bd132634c918cee7367c0
-
SHA256
72f61ae2fbc105c21408cbe910da2b939ea98d26cafaf43a9fabe89361db9dec
-
SHA512
64e69d34057158b29b6ca1cd53f44990fde65b5011dec7852d9095350564e6fbfe22a5b9c5bb2fc5304b4bf077c2b2644f1dbeae2c78ad08a6411b79425dbc9e
Malware Config
Targets
-
-
Target
72Fxor.o
-
Size
525KB
-
MD5
1a0e8787503fd9777f08c0b2f4bc8a53
-
SHA1
9881f9d168e6cbba550bd132634c918cee7367c0
-
SHA256
72f61ae2fbc105c21408cbe910da2b939ea98d26cafaf43a9fabe89361db9dec
-
SHA512
64e69d34057158b29b6ca1cd53f44990fde65b5011dec7852d9095350564e6fbfe22a5b9c5bb2fc5304b4bf077c2b2644f1dbeae2c78ad08a6411b79425dbc9e
Score9/10-
Writes file to system bin folder
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies rc script
Adding/modifying system rc scripts is a common persistence mechanism.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-