General
-
Target
6e480ae0b1e441e36684ebc848b0f3a5c9f4da9519d807c629a8aa4428f24475
-
Size
596KB
-
Sample
220620-jjg6xsagbk
-
MD5
32391ecf8deb9ec63c882d2007713ff3
-
SHA1
829a16f59f9b4bd57262ba5c3b5ed761efc07224
-
SHA256
6e480ae0b1e441e36684ebc848b0f3a5c9f4da9519d807c629a8aa4428f24475
-
SHA512
c4d13cf80b6f7f4cb2a01087c7001b1ea956d773c76a83110a2b41915ff5c5358719978557a17ca7ae853a1d94e9d8c0b73ad8730d2f59ab31ea54d1d43e038d
Static task
static1
Behavioral task
behavioral1
Sample
6e480ae0b1e441e36684ebc848b0f3a5c9f4da9519d807c629a8aa4428f24475
Resource
ubuntu1804-amd64-en-20211208
Malware Config
Extracted
xorddos
gh.dsaj2a1.org:2444
shaoqian.f3322.org:2444
183.60.202.2:2444
Targets
-
-
Target
6e480ae0b1e441e36684ebc848b0f3a5c9f4da9519d807c629a8aa4428f24475
Score
9/10
-
Writes file to system bin folder
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.