xorddos | 47c0af3e024fb5b38a97768bb9f6dce954fe358ce7f24c46dcc23689e8687a70 | Triage

Resubmissions

02-06-2022 16:55

220602-vfcmtaghc7 10

08-03-2022 22:23

220308-2ar9msbef2 9

Sharing

General

Target

x.o
Size

611KB
Sample

220602-vfcmtaghc7
MD5

d46dd322e3cefa2b6eda0c96b84f7611
SHA1

5dae4f419d23a4d5f42d4ea0e5d67382d26b34ca
SHA256

47c0af3e024fb5b38a97768bb9f6dce954fe358ce7f24c46dcc23689e8687a70
SHA512

8c3047a1ffa39982c39cb04d2fad34a49502711a004448176945c60a1aeed177676cc920ef02ddb81c1205935ed05ca46630cee165d2c36fdc08059264f0dc5d

Score

10^/10

xorddos linux persistence

Malware Config

Extracted

Family

xorddos

C2

http://pcdown.gddos.com:8080

soft8.gddos.com:25

103.233.83.245:25

baidu.gddos.com:25

Targets

- Target
  
  x.o
- Size
  
  611KB
- MD5
  
  d46dd322e3cefa2b6eda0c96b84f7611
- SHA1
  
  5dae4f419d23a4d5f42d4ea0e5d67382d26b34ca
- SHA256
  
  47c0af3e024fb5b38a97768bb9f6dce954fe358ce7f24c46dcc23689e8687a70
- SHA512
  
  8c3047a1ffa39982c39cb04d2fad34a49502711a004448176945c60a1aeed177676cc920ef02ddb81c1205935ed05ca46630cee165d2c36fdc08059264f0dc5d
Score

9^/10

persistence
- Writes file to system bin folder
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Write file to user bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1