General
-
Target
317c1be0ddc03360bc368bd36fdcb9cd8291eaeb34b056a9766b09249549370f
-
Size
535KB
-
Sample
220620-2e4s8sebg3
-
MD5
4b0f3a383849f60ef08cc33eb623684a
-
SHA1
8d3d001a347f09a67760abef06afee1e1b9ebd65
-
SHA256
317c1be0ddc03360bc368bd36fdcb9cd8291eaeb34b056a9766b09249549370f
-
SHA512
d431ffd10fa5606ec3a4a206758dface7812f1304d8c17eaa24a464954354de808535aacc12366eeab554aad3609f42d5c65a4c203e0a488948969935e751328
Static task
static1
Behavioral task
behavioral1
Sample
317c1be0ddc03360bc368bd36fdcb9cd8291eaeb34b056a9766b09249549370f
Resource
ubuntu1804-amd64-en-20211208
Malware Config
Extracted
xorddos
tat456.com:1522
ppp.gggatat456.com:1522
ppp.xxxatat456.com:1522
www1.gggatat456.com:1522
Targets
-
-
Target
317c1be0ddc03360bc368bd36fdcb9cd8291eaeb34b056a9766b09249549370f
Score
10/10
-
suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
-
Writes file to system bin folder
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-