General

  • Target

    2fbf19b9d9f6dac5ebe22fae26d75c8861abb62906b680ae8629f160ee1b5a43

  • Size

    611KB

  • Sample

    220621-xr869sdba3

  • MD5

    46e70e115037c45ad16ff8aeba569d01

  • SHA1

    0ab641df21ca9cf7982f594ece407a08b533ef89

  • SHA256

    2fbf19b9d9f6dac5ebe22fae26d75c8861abb62906b680ae8629f160ee1b5a43

  • SHA512

    7666422ae96d5abc0fe29b8ddb667e2ab424fdb02c44feb2921e00cc2a9f08615dcc76f38d7e4f996bf96cd233f2a1fd3c3997d865f62aaa4b2dd78e1a1012de

Malware Config

Extracted

Family

xorddos

C2

ww.s9xk32c.com:23

ww.s9xk32a.com:23

ww.s9xk32b.com:23

Targets

    • Target

      2fbf19b9d9f6dac5ebe22fae26d75c8861abb62906b680ae8629f160ee1b5a43

    • Size

      611KB

    • MD5

      46e70e115037c45ad16ff8aeba569d01

    • SHA1

      0ab641df21ca9cf7982f594ece407a08b533ef89

    • SHA256

      2fbf19b9d9f6dac5ebe22fae26d75c8861abb62906b680ae8629f160ee1b5a43

    • SHA512

      7666422ae96d5abc0fe29b8ddb667e2ab424fdb02c44feb2921e00cc2a9f08615dcc76f38d7e4f996bf96cd233f2a1fd3c3997d865f62aaa4b2dd78e1a1012de

    Score
    10/10
    • suricata: ET MALWARE DDoS.XOR Checkin

    • suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
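The signatures above describe the sample's behaviour (C2 check-in to the three extracted domains on port 23, a new cron job, an rc script change, drops under /bin, /usr/bin and /tmp) but not how to hunt for it elsewhere. The following is an added example and is not code from the sandbox vendor, from this report, or from the XorDDoS operators. It turns the extracted config into network and host checks and runs them over constructed inputs; the only facts taken from the report are the C2 endpoints, their port and the sample hashes. SID_BASE, the resolver-log and flow-log formats, and every crontab line are assumptions or constructed data.

```python
"""Hunting helpers built from the sandbox report above.

Added example, not code from the sandbox, the report, or the XorDDoS
authors. Runs offline over constructed sample inputs; only the C2
endpoints, their port and the sample hashes come from the report.
"""
import hashlib
import re

# From the report's "Malware Config / Extracted" section.
C2_ENDPOINTS = ("ww.s9xk32c.com:23", "ww.s9xk32a.com:23", "ww.s9xk32b.com:23")
SAMPLE_MD5 = "46e70e115037c45ad16ff8aeba569d01"
SAMPLE_SHA256 = "2fbf19b9d9f6dac5ebe22fae26d75c8861abb62906b680ae8629f160ee1b5a43"

SID_BASE = 9000100  # assumed local SID range; adjust to your ruleset


def parse_endpoints(entries=C2_ENDPOINTS):
    """Split 'host:port' entries into lower-cased (host, port) tuples."""
    result = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        result.append((host.lower(), int(port)))
    return result


def c2_domains():
    return {host for host, _ in parse_endpoints()}


def c2_ports():
    return {port for _, port in parse_endpoints()}


def suricata_dns_rules():
    """One Suricata dns.query rule per C2 domain, to sit beside the ET
    'DDoS.XOR Checkin' rules that fired in the sandbox."""
    rules = []
    for i, host in enumerate(sorted(c2_domains())):
        rules.append(
            'alert dns any any -> any any (msg:"XorDDoS C2 DNS query %s"; '
            'dns.query; content:"%s"; nocase; classtype:trojan-activity; '
            "sid:%d; rev:1;)" % (host, host, SID_BASE + i)
        )
    return rules


_HOST_RE = re.compile(r"[a-z0-9][a-z0-9.-]*\.[a-z]{2,}", re.I)


def dns_log_hits(lines):
    """Map each C2 domain to the resolver-log lines that queried it."""
    wanted = c2_domains()
    hits = {}
    for line in lines:
        for token in _HOST_RE.findall(line):
            name = token.lower().rstrip(".")
            if name in wanted:
                hits.setdefault(name, []).append(line)
    return hits


# Assumed flow-log shape: "src:sport -> dst:dport proto" (constructed).
_CONN_RE = re.compile(r"->\s*(\S+):(\d+)\s+tcp\b", re.I)


def outbound_c2_port_hits(lines):
    """(line, dst, port) for TCP flows to a C2 port (23 here). Port 23 alone
    is a weak indicator, so pair it with the DNS and host checks."""
    ports = c2_ports()
    hits = []
    for line in lines:
        m = _CONN_RE.search(line)
        if m and int(m.group(2)) in ports:
            hits.append((line, m.group(1), int(m.group(2))))
    return hits


def _cron_entries(text):
    return {l.strip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")}


def new_cron_entries(baseline, current):
    """Cron lines added since a known-good snapshot; flag those that run
    something out of /tmp, which the report also saw the sample write to."""
    added = sorted(_cron_entries(current) - _cron_entries(baseline))
    return [(line, "/tmp/" in line) for line in added]


def matches_report_sample(data):
    """True if the bytes hash to the report's MD5 or SHA256."""
    return (hashlib.sha256(data).hexdigest() == SAMPLE_SHA256
            or hashlib.md5(data).hexdigest() == SAMPLE_MD5)


if __name__ == "__main__":
    # Constructed resolver log (dnsmasq style) and flow log, not real captures.
    dns_log = ["query[A] ww.s9xk32a.com from 10.0.0.5",
               "query[A] example.com from 10.0.0.5",
               "query[A] WW.S9XK32B.COM. from 10.0.0.9"]
    flows = ["10.0.0.5:44120 -> 203.0.113.9:23 tcp",
             "10.0.0.5:44121 -> 203.0.113.10:443 tcp"]
    for rule in suricata_dns_rules():
        print(rule)
    print(dns_log_hits(dns_log))
    print(outbound_c2_port_hits(flows))
    print(new_cron_entries("0 3 * * * root /usr/sbin/logrotate\n",
                           "0 3 * * * root /usr/sbin/logrotate\n"
                           "*/3 * * * * root /tmp/.x\n"))
```

The cron check is a baseline diff rather than a pattern match because the report only says a job was created or modified, not what it contains; the /tmp flag just surfaces the overlap with the "Writes file to tmp directory" signature. The hash check is exact-match only and will not catch repacked variants of the same family.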

MITRE ATT&CK Enterprise v6

Tasks