General
-
Target
2674fcea6abf859f06e6bb629823423c326528a9e5623c8bdf05a370e78bdd4e
-
Size
611KB
-
Sample
220616-kaymzsaffp
-
MD5
8c8da16a2b9e7c318a9544ff032bddbe
-
SHA1
6a73498e4a7ea07cb6a508552e10f859ebeb9e04
-
SHA256
2674fcea6abf859f06e6bb629823423c326528a9e5623c8bdf05a370e78bdd4e
-
SHA512
e14bf4ac5adb60aa1423074b7d79908d484909f211ff439e58ae8b4d9309e106646716975ea7be05c46fe00abb8e524d816d891221aadf1e7af2950b8ea2b645
Static task
static1
Behavioral task
behavioral1
Sample
2674fcea6abf859f06e6bb629823423c326528a9e5623c8bdf05a370e78bdd4e
Resource
ubuntu1804-amd64-en-20211208
Malware Config
Extracted
xorddos
num.com:8080
cdn.netflix2cdn.com:8080
cdn.finance1num.com:8080
Targets
Target
2674fcea6abf859f06e6bb629823423c326528a9e5623c8bdf05a370e78bdd4e
Score
9/10
-
Writes file to system bin folder
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-