General

  • Target

    b9e9e89988f48f199a59d572bd42bc777482843753aad7d5617c5c30205b12f1

  • Size

    611KB

  • Sample

    220620-tvdb8aeegn

  • MD5

    321e60ae4cfb160889f942e7b7bdd490

  • SHA1

    4a0ce553f3f7f70e2fbb117afdb097d301e28d5f

  • SHA256

    b9e9e89988f48f199a59d572bd42bc777482843753aad7d5617c5c30205b12f1

  • SHA512

    4d33522ff9ad0bd1913907587aac48709d39509c41f302b3cc8247c5e851f9aeb621e3f1b1528b34304823e258eec39a64c101f3d2a6c682acc7a062307eddc6

Malware Config

Extracted

Family

xorddos

C2

axf6.com:23

www.enoan2107.com:23

www.gzcfr5axf6.com:23

Targets

    Score
    10/10
    • suricata: ET MALWARE DDoS.XOR Checkin

    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
