General

  • Target

    276722c9e33d835a09df7fd7c44ef8de0a26a882add52e6e9d5f1008a941940e

  • Size

    596KB

  • Sample

    220616-flmbwafaf7

  • MD5

    c862a04b225d2c31d0e2553b6a80936d

  • SHA1

    c6ef90a621d9bfdeac538b0f2ab09aaa2f197b15

  • SHA256

    276722c9e33d835a09df7fd7c44ef8de0a26a882add52e6e9d5f1008a941940e

  • SHA512

    9577361f7a08ad3eb4f2d075c806dd29858bed84df9e07996261cb1b3cad4560f7ac74d7e5315ebc131fbe868229abe4075b999dc876c0581570ac1c06514c2d

Malware Config

Extracted

Family

xorddos

C2

gh.dsaj2a1.org:2444

shaoqian.f3322.org:2444

183.60.202.2:2444
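The family name comes from the repeating-key XOR the malware applies to its embedded configuration strings; the 16-byte key BB2FA36AAA9541F0 is the one widely reported for XorDDoS. The Python below is an added example and is not sandbox tooling or an extractor that was run on this sample: it decodes a constructed table of XOR'd strings (built here by encoding the three C2 entries above plus one filler string, not bytes taken from the real binary) and keeps the host:port entries. That this particular sample uses that key, a NUL-separated string table, and a per-string key restart is an assumption the report itself does not establish.

```python
import re

# Static XOR key widely reported for the XorDDoS family. Assumption: the report
# does not itself confirm that this sample uses it.
XOR_KEY = b"BB2FA36AAA9541F0"


def xor_string(data: bytes, key: bytes = XOR_KEY) -> bytes:
    """Repeating-key XOR over one string, key index starting at 0 for every
    string (assumed per-string decode). Applying it twice returns the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# host:port where host is a DNS name or dotted-quad; the port is range-checked below
C2_RE = re.compile(rb"^([A-Za-z0-9][A-Za-z0-9.-]*\.[A-Za-z0-9-]+):(\d{1,5})$")


def extract_c2(blob: bytes, key: bytes = XOR_KEY) -> list:
    """Decode a NUL-separated table of XOR'd strings and keep host:port entries.

    Limitation: an encoded byte equal to 0x00 (plaintext byte == key byte) would
    end a field early, so this is a best-effort carve, not a parser of the ELF.
    """
    c2 = []
    for field in blob.split(b"\x00"):
        if not field:
            continue
        m = C2_RE.match(xor_string(field, key))
        if m and 1 <= int(m.group(2)) <= 65535:
            c2.append((m.group(1).decode("ascii"), int(m.group(2))))
    return c2


def build_sample_blob(strings=(b"gh.dsaj2a1.org:2444",
                               b"shaoqian.f3322.org:2444",
                               b"183.60.202.2:2444",
                               b"/usr/bin")):
    """Constructed input: the report's C2 entries plus a filler string, each
    encoded with the family key. Not bytes taken from the real sample."""
    return b"".join(xor_string(s) + b"\x00" for s in strings)


if __name__ == "__main__":
    for host, port in extract_c2(build_sample_blob()):
        print(f"{host}:{port}")
```

Against a real binary the same decode is applied to the string table carved from the data sections; the host regex keeps random bytes from a wrong key or offset from being reported as a C2, which is the usual failure mode of a blind XOR carve.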

Targets

    • Target

      276722c9e33d835a09df7fd7c44ef8de0a26a882add52e6e9d5f1008a941940e

    • Size

      596KB

    • MD5

      c862a04b225d2c31d0e2553b6a80936d

    • SHA1

      c6ef90a621d9bfdeac538b0f2ab09aaa2f197b15

    • SHA256

      276722c9e33d835a09df7fd7c44ef8de0a26a882add52e6e9d5f1008a941940e

    • SHA512

      9577361f7a08ad3eb4f2d075c806dd29858bed84df9e07996261cb1b3cad4560f7ac74d7e5315ebc131fbe868229abe4075b999dc876c0581570ac1c06514c2d

    Score
    9/10
    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to a destination other than the configured DNS servers was detected; the sample is bypassing the host's resolver.

    • Writes file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
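The persistence and network signatures above (files dropped into the bin and tmp directories, a cron entry, an rc script, and DNS-port traffic to a server that is not a configured resolver) translate directly into a host triage check. The Python below is an added example, not sandbox output or tooling from the report: it walks a filesystem root for those artifacts and scans conntrack-style flow records for port-53 destinations missing from resolv.conf. The directory tree, the cron and init.d contents, the 10-letter random file-name convention, the resolv.conf text and the flow lines are all constructed here for the demonstration and are not data from the sample.

```python
import os
import pathlib
import re
import tempfile

# Directories named by the sandbox signatures, relative to the root being examined.
BIN_DIRS = ("bin", "usr/bin")
CRON_DIRS = ("etc/cron.hourly", "etc/cron.daily", "etc/cron.d")
INITD = "etc/init.d"
RC_LEVEL_DIRS = tuple(f"etc/rc{n}.d" for n in range(7))
# Assumption for this example: a dropped binary carries a random 10-letter name.
DROPPED_NAME = re.compile(r"^[a-z]{10}$")
DROPPED_PATH = re.compile(r"/(?:usr/bin|bin|tmp)/[a-z]{10}\b")


def _children(p):
    return sorted(p.iterdir()) if p.is_dir() else []


def find_persistence(root):
    """Return (kind, path-relative-to-root, detail) for suspicious artifacts."""
    root = pathlib.Path(root)
    hits = []
    # 1. Random-named files in the system bin, user bin and tmp directories
    for d in BIN_DIRS + ("tmp",):
        for f in _children(root / d):
            if f.is_file() and DROPPED_NAME.match(f.name):
                hits.append(("dropped-file", str(f.relative_to(root)), ""))
    # 2. Cron entries that launch something from those directories
    for d in CRON_DIRS:
        for f in _children(root / d):
            if f.is_file():
                for line in f.read_text(errors="replace").splitlines():
                    if DROPPED_PATH.search(line):
                        hits.append(("cron", str(f.relative_to(root)), line.strip()))
    # 3. rc scripts that launch a dropped file, and the rcN.d symlinks enabling them
    flagged = set()
    for f in _children(root / INITD):
        if f.is_file() and DROPPED_PATH.search(f.read_text(errors="replace")):
            flagged.add(f.name)
            hits.append(("rc-script", str(f.relative_to(root)), ""))
    for d in RC_LEVEL_DIRS:
        for link in _children(root / d):
            if link.is_symlink() and pathlib.Path(os.readlink(link)).name in flagged:
                hits.append(("rc-symlink", str(link.relative_to(root)), os.readlink(link)))
    return hits


def configured_resolvers(resolv_conf):
    """Nameserver addresses from resolv.conf text."""
    return {parts[1] for parts in (ln.split() for ln in resolv_conf.splitlines())
            if len(parts) >= 2 and parts[0] == "nameserver"}


# conntrack -L style record: "udp 17 29 src=A dst=B sport=N dport=M ..."
CT_LINE = re.compile(r"^(?P<proto>udp|tcp)\b.*?src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
                     r"\s+sport=\d+\s+dport=(?P<dport>\d+)")


def unexpected_dns(flow_lines, resolvers):
    """(proto, dst) for port-53 flows whose destination is not a configured resolver."""
    out = []
    for ln in flow_lines:
        m = CT_LINE.match(ln)
        if m and m["dport"] == "53" and m["dst"] not in resolvers:
            out.append((m["proto"], m["dst"]))
    return out


# Constructed inputs for the demonstration; none of this is data from the sample.
RESOLV_CONF = "search lab.local\nnameserver 10.0.0.53\n"
FLOW_LINES = [
    "udp      17 29 src=10.0.0.7 dst=10.0.0.53 sport=51234 dport=53 src=10.0.0.53 dst=10.0.0.7 sport=53 dport=51234 mark=0 use=1",
    "udp      17 29 src=10.0.0.7 dst=8.8.8.8 sport=51235 dport=53 [UNREPLIED] src=8.8.8.8 dst=10.0.0.7 sport=53 dport=51235 mark=0 use=1",
    "tcp      6 431999 ESTABLISHED src=10.0.0.7 dst=183.60.202.2 sport=40001 dport=2444 src=183.60.202.2 dst=10.0.0.7 sport=2444 dport=40001 [ASSURED] mark=0 use=1",
]


def build_demo_root():
    """Constructed tree imitating the reported artifacts, plus benign entries that must not be flagged."""
    root = pathlib.Path(tempfile.mkdtemp())
    for d in BIN_DIRS + ("tmp", INITD) + CRON_DIRS + RC_LEVEL_DIRS:
        (root / d).mkdir(parents=True, exist_ok=True)
    (root / "usr/bin/kwqhfzxmcu").write_bytes(b"\x7fELF")
    (root / "bin/ls").write_bytes(b"\x7fELF")
    (root / "etc/cron.hourly/update.sh").write_text("#!/bin/sh\n/usr/bin/kwqhfzxmcu\n")
    (root / "etc/init.d/kwqhfzxmcu").write_text("#!/bin/sh\ncase $1 in start) /usr/bin/kwqhfzxmcu ;; esac\n")
    (root / "etc/init.d/sshd").write_text("#!/bin/sh\n/usr/sbin/sshd\n")
    (root / "etc/rc3.d/S90kwqhfzxmcu").symlink_to("../init.d/kwqhfzxmcu")
    return root


if __name__ == "__main__":
    for hit in find_persistence(build_demo_root()):
        print("persistence:", *hit)
    for proto, dst in unexpected_dns(FLOW_LINES, configured_resolvers(RESOLV_CONF)):
        print(f"unexpected DNS destination: {dst}/{proto}")
```

Point find_persistence at a mounted disk image rather than the live root of a suspect host, since a running implant can hide or re-create the artifacts; the rc-symlink check ties each rcN.d entry back to a flagged init.d script rather than flagging every symlink, which keeps distribution-managed services out of the output.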

MITRE ATT&CK Enterprise v6

Tasks