General
-
Target
23.vir
-
Size
611KB
-
Sample
220618-k41z7sfghr
-
MD5
9c7f574ad4c0e4a394f57d3d50227a58
-
SHA1
d148b8051c438d792d2604c6aa69002743503197
-
SHA256
b242c3eca68edc7c09505570455398cce9b02689287690971762899d1fb2b1a8
-
SHA512
fb9f5c478e1266cf82ce5667478d47b7ce4b3949374648fe1a98a138d97ca07fede3a254bc1f56b031bdc328df61488f42cf51b104d58699ba6b3c9aaa0d792f
Static task
static1
Behavioral task
behavioral1
Sample
23.vir
Resource
ubuntu1804-amd64-en-20211208
Malware Config
Extracted
xorddos
axf6.com:3309
www.enoan2107.com:3309
www.gzcfr5axf6.com:3309
Targets
-
-
Target
23.vir
-
Size
611KB
-
MD5
9c7f574ad4c0e4a394f57d3d50227a58
-
SHA1
d148b8051c438d792d2604c6aa69002743503197
-
SHA256
b242c3eca68edc7c09505570455398cce9b02689287690971762899d1fb2b1a8
-
SHA512
fb9f5c478e1266cf82ce5667478d47b7ce4b3949374648fe1a98a138d97ca07fede3a254bc1f56b031bdc328df61488f42cf51b104d58699ba6b3c9aaa0d792f
Score10/10-
suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
-
Writes file to system bin folder
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-