General

  • Target

    580accbe4ec8e8ec6808c34eda1d6feae17d9940723acd1fe13db75d02e13ae9

  • Size

    611KB

  • Sample

    220625-b8vjjshecl

  • MD5

    0190d66de838c766a844e52c1f4f047a

  • SHA1

    2e7fd825bec6d7fc7ddb9e2b60b3c9678bad6eae

  • SHA256

    580accbe4ec8e8ec6808c34eda1d6feae17d9940723acd1fe13db75d02e13ae9

  • SHA512

    c26e30f4f10959ecf529631e078651f0b720bd542722aad0e3c4178ae3fbf5ac8d7a6bc453e0a4c3d4b8ef7ebc4267b36a399f1e6b608596c509733c075468de

Malware Config

Extracted

Family

xorddos

C2

num.com:3308

cdn.netflix2cdn.com:3308

cdn.finance1num.com:3308

Targets

    • Target

      580accbe4ec8e8ec6808c34eda1d6feae17d9940723acd1fe13db75d02e13ae9

    Score: 9/10

    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Write file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
