General
Target
276722c9e33d835a09df7fd7c44ef8de0a26a882add52e6e9d5f1008a941940e
Size
596KB
Sample
220616-flmbwafaf7
MD5
c862a04b225d2c31d0e2553b6a80936d
SHA1
c6ef90a621d9bfdeac538b0f2ab09aaa2f197b15
SHA256
276722c9e33d835a09df7fd7c44ef8de0a26a882add52e6e9d5f1008a941940e
SHA512
9577361f7a08ad3eb4f2d075c806dd29858bed84df9e07996261cb1b3cad4560f7ac74d7e5315ebc131fbe868229abe4075b999dc876c0581570ac1c06514c2d
Static task
static1
Behavioral task
behavioral1
Sample
276722c9e33d835a09df7fd7c44ef8de0a26a882add52e6e9d5f1008a941940e
Resource
ubuntu1804-amd64-en-20211208
Malware Config
Extracted
xorddos
gh.dsaj2a1.org:2444
shaoqian.f3322.org:2444
183.60.202.2:2444
Targets
Target
276722c9e33d835a09df7fd7c44ef8de0a26a882add52e6e9d5f1008a941940e
Score
9/10
Writes file to system bin folder

Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Write file to user bin folder

Reads runtime system information
Reads data from /proc virtual filesystem.

Writes file to tmp directory
Malware often drops required files in the /tmp directory.