Extracted

• • Target

    f48d2e608faeb0747b32205489e8ca88a3b10ecfd3c2cc2ff31fabf11fac03b3

  • Size

    546KB

  • MD5

    429164dbad09cd108d22105e628a3daa

  • SHA1

    85cd14daabf7ffa7dfec07fd50e8e82eca9b5855

  • SHA256

    f48d2e608faeb0747b32205489e8ca88a3b10ecfd3c2cc2ff31fabf11fac03b3

  • SHA512

    0bac37f71c3a5062884e65d3c0b4f3466b73cb8611e300662f6ecfb80d44e8a724c845c55746d5341965b2b56c62f366822f86cd4113df80f7fca85e445b5923

  Score

  10^/10

  persistencesuricata

  • suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    suricata

  • Writes file to system bin folder

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence

  • Modifies init.d

    Adds/modifies system service, likely for persistence.

    persistence

  • Modifies rc script

    Adding/modifying system rc scripts is a common persistence mechanism.

    persistence

  • Writes file to tmp directory

    Malware often drops required files in the /tmp directory.

  behavioral1