General

  • Target

    8561a98f823f85a6c0d4beb209c4c016e96052ffcae18ba606b834d99d2b99a8

  • Size

    596KB

  • Sample

    220619-y5zenabcgm

  • MD5

    34b2a8a8e5a0fafc6552457f812bac5f

  • SHA1

    152fc531a9a03b8091b86419a9a808cedfa08639

  • SHA256

    8561a98f823f85a6c0d4beb209c4c016e96052ffcae18ba606b834d99d2b99a8

  • SHA512

    f20a7fa82649170bc1d1b17bb2aa2ef157962f87da26717e3ab18b15208a986399193eed5a0fbe17fffab52ce6320c4c08d80d95f1c8d90e5c476e73569d7b94

Malware Config

Extracted

Family

xorddos

C2

dns-google.org:60000

a-dns-google.com:60000

uc.twjiasu.com:8080

Targets

    Score: 9/10
    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

    • Reads runtime system information

      Reads data from the /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6