General
- Target: 55f3c016025b72ae40fee768b17d59de72f9b9f9bfdfb4ca768d1a588afd7060
- Size: 535KB
- Sample: 220620-xmmsgaadhk
- MD5: 318d18a0c89b1438fd4e05a3c07776ca
- SHA1: 65f5b14dae2427cf63e59fd5c7d9bdccd6ad5728
- SHA256: 55f3c016025b72ae40fee768b17d59de72f9b9f9bfdfb4ca768d1a588afd7060
- SHA512: 4f5a35ba37a9b6aa87baef8b53ec4d1ad0f4272cb6d3f1d5a0ca68eafe176b96962ce12b18b4922bcfd87a0959f7cccf184f9e854b60e17011554772d72beaec
Static task: static1
Behavioral task: behavioral1
- Sample: 55f3c016025b72ae40fee768b17d59de72f9b9f9bfdfb4ca768d1a588afd7060
- Resource: ubuntu1804-amd64-en-20211208
Malware Config
Extracted: xorddos
- tat456.com:1520
- ppp.gggatat456.com:1520
- ppp.xxxatat456.com:1520
- www1.gggatat456.com:1520
Targets
- Target: 55f3c016025b72ae40fee768b17d59de72f9b9f9bfdfb4ca768d1a588afd7060
Score: 10/10
- suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
- Writes file to system bin folder
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Write file to user bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.