General

  • Target

    2674fcea6abf859f06e6bb629823423c326528a9e5623c8bdf05a370e78bdd4e

  • Size

    611KB

  • Sample

    220616-kaymzsaffp

  • MD5

    8c8da16a2b9e7c318a9544ff032bddbe

  • SHA1

    6a73498e4a7ea07cb6a508552e10f859ebeb9e04

  • SHA256

    2674fcea6abf859f06e6bb629823423c326528a9e5623c8bdf05a370e78bdd4e

  • SHA512

    e14bf4ac5adb60aa1423074b7d79908d484909f211ff439e58ae8b4d9309e106646716975ea7be05c46fe00abb8e524d816d891221aadf1e7af2950b8ea2b645

Malware Config

Extracted

Family

xorddos

C2

num.com:8080

cdn.netflix2cdn.com:8080

cdn.finance1num.com:8080

Targets

    • Target

      2674fcea6abf859f06e6bb629823423c326528a9e5623c8bdf05a370e78bdd4e

    • Size

      611KB

    • MD5

      8c8da16a2b9e7c318a9544ff032bddbe

    • SHA1

      6a73498e4a7ea07cb6a508552e10f859ebeb9e04

    • SHA256

      2674fcea6abf859f06e6bb629823423c326528a9e5623c8bdf05a370e78bdd4e

    • SHA512

      e14bf4ac5adb60aa1423074b7d79908d484909f211ff439e58ae8b4d9309e106646716975ea7be05c46fe00abb8e524d816d891221aadf1e7af2950b8ea2b645

    Score
    9/10
    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
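The indicators and behaviours above (the sample's SHA256, the three C2 hosts on port 8080, cron and rc-script persistence, and files dropped under /tmp) are enough to build a small offline host-and-log triage helper. The script below is an added example, not code from the sandbox or the report: it parses system-crontab and rc-script text, flags entries that execute from a scratch directory or whose target file hashes to a known-bad sample, and matches hostnames in log lines against the extracted C2 list. The file names (`/tmp/.x/dropper`, `/usr/bin/example-drop`), the log lines, the stand-in blob and the extra scratch directories beyond /tmp are all constructed assumptions for the demo.

```python
"""Offline triage helpers built from the indicators this report lists:
the sample's SHA256, the extracted xorddos C2 hosts on port 8080, and the
cron / rc-script persistence and /tmp drop behaviour. Every input below is
constructed for the example; nothing here is the sandbox's own data.
"""
import hashlib
import re
from typing import Callable, Optional

# Indicators taken from the report above.
KNOWN_BAD_SHA256 = {
    "2674fcea6abf859f06e6bb629823423c326528a9e5623c8bdf05a370e78bdd4e": "xorddos",
}
C2_HOSTS = {"num.com", "cdn.netflix2cdn.com", "cdn.finance1num.com"}
C2_PORT = 8080

# The report names only /tmp as a drop location; /var/tmp and /dev/shm are
# added here as an assumption (the other usual world-writable scratch dirs).
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

CRON_SPECIAL = re.compile(r"^@(reboot|yearly|annually|monthly|weekly|daily|hourly)\s+")
HOST_TOKEN = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})(?::(\d+))?\b", re.I)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify_blob(data: bytes, known=KNOWN_BAD_SHA256) -> Optional[str]:
    """Family name if the blob's SHA256 is in the known-bad set, else None."""
    return known.get(sha256_hex(data))


def cron_commands(crontab_text: str):
    """(user, command) pairs from system-crontab / cron.d text (five time fields,
    user, command). Comments, blanks and VAR=value lines are skipped; @reboot-style
    specials are handled."""
    out = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^[A-Za-z_]\w*=", line):
            continue
        m = CRON_SPECIAL.match(line)
        rest = line[m.end():].split(None, 1) if m else line.split(None, 6)[5:]
        if len(rest) == 2:
            out.append((rest[0], rest[1]))
    return out


def first_abs_path(command: str) -> Optional[str]:
    """Coarse heuristic: first absolute-path token in a shell command, ignoring
    the argument of `cd`. Good enough to find what a persistence entry runs."""
    toks = re.split(r"[\s;&|]+", command.strip())
    for i, tok in enumerate(toks):
        if tok.startswith("/") and not (i and toks[i - 1] == "cd"):
            return tok
    return None


def rc_exec_paths(rc_text: str):
    """Absolute paths invoked from non-comment lines of an rc / init script."""
    paths = []
    for raw in rc_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            p = first_abs_path(line)
            if p:
                paths.append(p)
    return paths


def persistence_findings(cron_text: str, rc_text: str,
                         read_file: Callable[[str], Optional[bytes]],
                         known=KNOWN_BAD_SHA256):
    """Flag cron / rc entries that run from a scratch dir or whose target file
    hashes to a known-bad sample. read_file(path) returns bytes or None."""
    entries = [("cron", f"{u}: {c}", first_abs_path(c)) for u, c in cron_commands(cron_text)]
    entries += [("rc", p, p) for p in rc_exec_paths(rc_text)]
    findings = []
    for source, entry, path in entries:
        if not path:
            continue
        reasons = []
        if path.startswith(SCRATCH_DIRS):
            reasons.append("executes from scratch directory")
        blob = read_file(path)
        family = classify_blob(blob, known) if blob is not None else None
        if family:
            reasons.append(f"target hashes to known {family} sample")
        if reasons:
            findings.append({"source": source, "entry": entry, "path": path, "reasons": reasons})
    return findings


def c2_hits(log_lines):
    """Log lines whose hostname tokens equal a C2 host or a subdomain of one."""
    hits = []
    for line in log_lines:
        for host, port in HOST_TOKEN.findall(line):
            h = host.lower()
            if h in C2_HOSTS or any(h.endswith("." + c) for c in C2_HOSTS):
                p = int(port) if port else None
                hits.append({"host": h, "port": p, "port_matches": p in (None, C2_PORT), "line": line})
    return hits


# Constructed demo inputs; the file names are hypothetical, not from the report.
SAMPLE_CRONTAB = """\
SHELL=/bin/sh
PATH=/usr/bin:/bin
# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
*/3 *   * * *   root    /tmp/.x/dropper >/dev/null 2>&1
@reboot         root    /usr/bin/example-drop
"""
SAMPLE_RC = """\
#!/bin/sh
# constructed init script
case "$1" in
  start) /usr/bin/example-drop & ;;
esac
exit 0
"""
FAKE_BAD_BLOB = b"constructed stand-in for the dropped ELF; not the real sample"
FAKE_FS = {"/tmp/.x/dropper": FAKE_BAD_BLOB, "/usr/bin/example-drop": FAKE_BAD_BLOB}
SAMPLE_LOGS = [
    "2022-06-16T12:00:01Z host1 dns query A cdn.netflix2cdn.com",
    "2022-06-16T12:00:02Z host1 dns query A deb.debian.org",
    "2022-06-16T12:00:03Z proxy CONNECT cdn.finance1num.com:8080 from 10.0.0.5",
    "2022-06-16T12:00:04Z host2 dns query A www.num.com",
]


def run_demo():
    # The real sample is not available offline, so the stand-in blob's hash is
    # added to the known-bad set for this demo only.
    known = dict(KNOWN_BAD_SHA256, **{sha256_hex(FAKE_BAD_BLOB): "xorddos (stand-in)"})
    return persistence_findings(SAMPLE_CRONTAB, SAMPLE_RC, FAKE_FS.get, known), c2_hits(SAMPLE_LOGS)


if __name__ == "__main__":
    findings, hits = run_demo()
    for f in findings:
        print(f["source"], f["path"], "; ".join(f["reasons"]))
    for h in hits:
        print(h["host"], h["port"], h["line"])
```

On a live host you would feed `persistence_findings` the contents of /etc/crontab, /etc/cron.d/* and /etc/init.d or /etc/rc*.d, with `read_file` wrapping `open(path, "rb").read()`, and feed `c2_hits` DNS resolver or proxy logs. The scratch-directory check is deliberately cheap and noisy; the hash check is exact but only catches this one sample, so treat a "scratch directory" hit on a cron or rc entry as a lead to pull the binary for hashing rather than as a verdict.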

MITRE ATT&CK Enterprise v6

Tasks