General
-
Target
2fbf19b9d9f6dac5ebe22fae26d75c8861abb62906b680ae8629f160ee1b5a43
-
Size
611KB
-
Sample
220621-xr869sdba3
-
MD5
46e70e115037c45ad16ff8aeba569d01
-
SHA1
0ab641df21ca9cf7982f594ece407a08b533ef89
-
SHA256
2fbf19b9d9f6dac5ebe22fae26d75c8861abb62906b680ae8629f160ee1b5a43
-
SHA512
7666422ae96d5abc0fe29b8ddb667e2ab424fdb02c44feb2921e00cc2a9f08615dcc76f38d7e4f996bf96cd233f2a1fd3c3997d865f62aaa4b2dd78e1a1012de
Static task
static1
Behavioral task
behavioral1
Sample
2fbf19b9d9f6dac5ebe22fae26d75c8861abb62906b680ae8629f160ee1b5a43
Resource
ubuntu1804-amd64-en-20211208
Malware Config
Extracted
xorddos
ww.s9xk32c.com:23
ww.s9xk32a.com:23
ww.s9xk32b.com:23
Targets
-
-
Target
2fbf19b9d9f6dac5ebe22fae26d75c8861abb62906b680ae8629f160ee1b5a43
-
Size
611KB
-
MD5
46e70e115037c45ad16ff8aeba569d01
-
SHA1
0ab641df21ca9cf7982f594ece407a08b533ef89
-
SHA256
2fbf19b9d9f6dac5ebe22fae26d75c8861abb62906b680ae8629f160ee1b5a43
-
SHA512
7666422ae96d5abc0fe29b8ddb667e2ab424fdb02c44feb2921e00cc2a9f08615dcc76f38d7e4f996bf96cd233f2a1fd3c3997d865f62aaa4b2dd78e1a1012de
Score10/10-
suricata: ET MALWARE DDoS.XOR Checkin via HTTP
suricata: ET MALWARE DDoS.XOR Checkin via HTTP
-
Writes file to system bin folder
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-